v0.3.0

Runa

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 8:34 AM.

Analysis

Runa appears to be a coherent bookmarking and notes API skill, but it requires a Runa API key and sends saved links, notes, and uploaded files to Runa for storage and processing.

GuidanceThis skill is suitable if you want an agent to manage your Runa bookmarks and notes. Before installing, make sure you trust the Runa endpoint, store the API key securely, confirm any delete requests carefully, and avoid uploading sensitive files or notes unless you intend them to be stored and processed by Runa.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation

SeverityLowConfidenceHighStatusNote

SKILL.md

### Delete a bookmark ... `curl -s -X DELETE "https://api.onruna.com/v1/links/<id>"` ... `Always confirm before deleting bookmarks.`

The skill can permanently delete Runa bookmarks through the API. This is within the stated purpose, and the instructions require confirmation before deletion.

User impactA mistaken delete request could remove a saved bookmark from Runa.

RecommendationConfirm the bookmark title and ID before approving deletion, and avoid broad or ambiguous delete requests.

Agentic Supply Chain Vulnerabilities

SeverityInfoConfidenceHighStatusNote

metadata

Source: unknown; Homepage: none

The registry metadata does not provide a source repository or homepage. There is no code or install script here, so this is only a provenance note rather than evidence of unsafe behavior.

User impactUsers have less external information to verify who maintains the skill or whether the API endpoint is the intended Runa service.

RecommendationVerify the Runa service and API endpoint before providing an API key, especially if installing from an unfamiliar registry entry.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse

SeverityLowConfidenceHighStatusNote

SKILL.md

Read the API key from `~/.openclaw/secrets/runa.json` (field: `api_key`) or fall back to the `RUNA_API_KEY` environment variable. Authenticate all requests with: `Authorization: Bearer <api_key>`

The skill needs a bearer API key for the user's Runa account. This is expected for a Runa integration, but it grants account access to list, save, update, upload, and delete Runa content.

User impactAnyone using this skill should treat the Runa API key like an account credential because it can access and modify their Runa library.

RecommendationUse a dedicated Runa API key if available, store it only in OpenClaw secrets or the intended environment variable, and revoke it if the skill is no longer used.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning

SeverityLowConfidenceHighStatusNote

references/api.md

Create a new bookmark or text note. Automatically enriches and triggers AI tagging. Provide either `url` or `text` ... `POST /v1/files` ... Upload a PDF or image file. Stored and AI-processed in background.

The skill stores user-provided notes, links, and uploaded files in Runa, where they may be enriched, tagged, searched, and AI-processed. This is disclosed and aligned with a bookmarking/notes service.

User impactPrivate notes, links, PDFs, or images saved through the skill may persist in the Runa account and be processed by Runa.

RecommendationOnly save or upload content you intend to store in Runa, and review Runa’s privacy and retention settings for sensitive material.