RunPod Media

Security checks across static analysis, malware telemetry, and agentic risk

Overview

RunPod Media appears purpose-aligned, but using it means handing the skill paid API and storage credentials and letting it upload selected local media to third-party cloud services.

Install only if you are comfortable giving it RunPod and Cloudflare R2 credentials and having selected media uploaded to those services. Use scoped keys, spending limits, a dedicated R2 bucket with verified lifecycle cleanup, and confirm any custom or expensive RunPod endpoint before use.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Using the skill can consume RunPod account credits and write selected uploads into the configured R2 bucket.

Why it was flagged

The skill requires RunPod and Cloudflare R2 credentials. That is expected for RunPod media generation and temporary file uploads, but it grants access to paid account resources and R2 storage.

Skill content
"/runpod/apiKey" ... "RunPod API key" ... "/cloudflare/r2/secretAccessKey" ... "Cloudflare R2 Secret Access Key"
Recommendation

Use a dedicated RunPod key and R2 bucket with limited scope, spending limits, and lifecycle cleanup; remove the credentials if you stop using the skill.

What this means

Private images or audio provided to the skill may be stored temporarily in R2 and processed by RunPod endpoints.

Why it was flagged

Local files supplied as image/audio inputs are uploaded to Cloudflare R2 and then shared with RunPod via a presigned URL. This is purpose-aligned, but selected media leaves the local machine.

Skill content
def ensure_url(path_or_url: str, imgbb_key: str | None = None) -> str:
    """Return a public URL, uploading to R2 (presigned, 1 min) if a local path is given."""
    ...
    client.put_object(Bucket=bucket, Key=key, Body=f, ContentType=content_type)
Recommendation

Do not submit sensitive media unless you are comfortable with that provider flow; verify the R2 lifecycle rule actually deletes uploads as expected.
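Verifying the lifecycle rule instead of trusting it, as an added example that is not part of the skill or of this scan: the script below reads an R2 bucket's lifecycle configuration through an S3-compatible client (boto3 pointed at the R2 endpoint; the client object is passed in, so the same check also runs offline on a captured configuration) and reports whether an enabled rule expires keys under the skill's upload prefix within one day. UPLOAD_PREFIX, MAX_RETENTION_DAYS and the sample configuration are assumptions; set the prefix to whatever the skill's put_object() call actually writes, which the excerpt above does not show.

```python
"""Audit an R2 bucket's lifecycle rules for the skill's temporary uploads.

Added example (not part of the RunPod Media skill). UPLOAD_PREFIX and
MAX_RETENTION_DAYS are assumptions; the configuration dict shape is the one
returned by an S3-compatible client's get_bucket_lifecycle_configuration().
"""
from __future__ import annotations

from typing import Any

UPLOAD_PREFIX = "uploads/"  # assumption: adjust to the key prefix put_object() writes
MAX_RETENTION_DAYS = 1      # the uploads are meant to be short-lived handoffs


def rule_prefix(rule: dict[str, Any]) -> str | None:
    """Key prefix a lifecycle rule applies to: "" means the whole bucket,
    None means the rule is tag-scoped or otherwise not determinable."""
    if "Prefix" in rule:               # legacy top-level prefix
        return rule["Prefix"]
    flt = rule.get("Filter") or {}
    if "Prefix" in flt:
        return flt["Prefix"]
    and_block = flt.get("And") or {}
    if "Prefix" in and_block and not and_block.get("Tags"):
        return and_block["Prefix"]     # prefix plus size bounds still covers every key
    if not flt:
        return ""                      # empty filter applies bucket-wide
    return None                        # tag-only filter: untagged uploads are not covered


def evaluate_lifecycle(config: dict[str, Any], prefix: str = UPLOAD_PREFIX,
                       max_days: int = MAX_RETENTION_DAYS) -> list[str]:
    """Return findings; an empty list means an enabled rule expires every key
    under `prefix` within `max_days` days."""
    findings: list[str] = []
    covered = False
    for rule in config.get("Rules", []):
        rid = rule.get("ID", "<unnamed>")
        if rule.get("Status") != "Enabled":
            findings.append(f"rule {rid} is not Enabled")
            continue
        rp = rule_prefix(rule)
        if rp is None or not prefix.startswith(rp):
            continue                   # rule does not apply to the skill's keys
        days = rule.get("Expiration", {}).get("Days")
        if days is None:
            findings.append(f"rule {rid} has no Days-based Expiration")
        elif days > max_days:
            findings.append(f"rule {rid} keeps matching keys {days} days (> {max_days})")
        else:
            covered = True
    if not covered:
        findings.append(f"no enabled rule expires keys under {prefix!r} within {max_days} day(s)")
    return findings


def audit_bucket(client: Any, bucket: str, prefix: str = UPLOAD_PREFIX,
                 max_days: int = MAX_RETENTION_DAYS) -> list[str]:
    """Fetch and evaluate a live bucket. `client` is anything exposing
    get_bucket_lifecycle_configuration(Bucket=...), for example
    boto3.client("s3", endpoint_url="https://<ACCOUNT_ID>.r2.cloudflarestorage.com").
    A bucket with no lifecycle configuration raises (boto3: NoSuchLifecycleConfiguration),
    which is itself a finding."""
    try:
        config = client.get_bucket_lifecycle_configuration(Bucket=bucket)
    except Exception as exc:  # surface whatever the SDK raised
        return [f"{bucket}: could not read lifecycle configuration ({exc})"]
    return evaluate_lifecycle(config, prefix, max_days)


if __name__ == "__main__":
    # Constructed sample: a cleanup rule exists but is scoped to a different prefix.
    sample = {"Rules": [{"ID": "cleanup", "Status": "Enabled",
                         "Filter": {"Prefix": "tmp/"}, "Expiration": {"Days": 1}}]}
    for line in evaluate_lifecycle(sample) or ["OK: uploads are expired as expected"]:
        print(line)
```

Run audit_bucket() against the dedicated bucket after creating it and again after any change to its rules; a rule that exists but is disabled, scoped to the wrong prefix, tag-filtered, or set to a long retention is reported rather than silently accepted, which is the gap a one-time glance at the console tends to miss.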

What this means

Calling unknown or expensive endpoints could send unintended payloads or incur higher RunPod costs.

Why it was flagged

The skill exposes a generic RunPod endpoint caller with arbitrary endpoint IDs and full JSON payload overrides. This is disclosed and central to the skill's flexibility, but it is broader than the safer task-specific commands.

Skill content
$SKILL_DIR/run.sh call_endpoint \
  --endpoint <ENDPOINT_ID> \
  ...
  [--input '{"key": "value"}']   # full JSON override
Recommendation

Prefer the built-in commands for common tasks, and confirm endpoint ID, model, cost, and inputs before using custom endpoints.
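A pre-flight gate to put in front of the generic call_endpoint command, as an added example that is not part of the skill: it refuses endpoint IDs outside a reviewed allowlist and rejects --input overrides that are oversized, malformed, or carry keys the reviewed endpoint does not take. The endpoint ID, names, key sets and size cap below are placeholders, and the gate treats the override as one flat JSON object because the page does not show the endpoint's expected schema.

```python
"""Pre-flight gate for the skill's generic call_endpoint command.

Added example (not part of the RunPod Media skill). Every entry in
APPROVED_ENDPOINTS is a placeholder; replace it with endpoints whose model,
cost and input schema you have actually reviewed in the RunPod console.
"""
from __future__ import annotations

import json
from dataclasses import dataclass

MAX_INPUT_BYTES = 16 * 1024  # assumption: cap on the size of a --input override


@dataclass(frozen=True)
class ApprovedEndpoint:
    name: str                 # human-readable label for the reviewed endpoint
    allowed_keys: frozenset[str]  # top-level input keys the endpoint is known to take
    note: str = ""            # reviewer's cost/model notes, shown on refusal


# Placeholder allowlist: the ID and key names are assumptions, not real endpoints.
APPROVED_ENDPOINTS: dict[str, ApprovedEndpoint] = {
    "ep-example-image": ApprovedEndpoint(
        "image-gen (reviewed)", frozenset({"prompt", "width", "height", "seed"}),
        "billed per GPU-second; reviewed on a fixed date by the operator"),
}


def check_call(endpoint_id: str, raw_input: str | None,
               approved: dict[str, ApprovedEndpoint] = APPROVED_ENDPOINTS) -> list[str]:
    """Return the reasons to refuse a call; an empty list means it may proceed."""
    problems: list[str] = []
    ep = approved.get(endpoint_id)
    if ep is None:
        problems.append(f"endpoint {endpoint_id!r} is not in the approved list")
    if raw_input is None:          # no override: the built-in defaults are used
        return problems
    size = len(raw_input.encode("utf-8"))
    if size > MAX_INPUT_BYTES:
        problems.append(f"--input is {size} bytes (> {MAX_INPUT_BYTES})")
    try:
        payload = json.loads(raw_input)
    except json.JSONDecodeError as exc:
        problems.append(f"--input is not valid JSON: {exc.msg}")
        return problems
    if not isinstance(payload, dict):
        problems.append("--input must be a JSON object")
        return problems
    if ep is not None:
        unexpected = sorted(set(payload) - ep.allowed_keys)
        if unexpected:
            problems.append(f"unexpected input keys for {ep.name}: {unexpected}")
    return problems


def gate(endpoint_id: str, raw_input: str | None) -> bool:
    """Print the decision the way a wrapper around run.sh would and return it."""
    problems = check_call(endpoint_id, raw_input)
    if problems:
        print(f"REFUSED call to {endpoint_id}:")
        for p in problems:
            print(f"  - {p}")
        return False
    print(f"OK: {endpoint_id} ({APPROVED_ENDPOINTS[endpoint_id].note})")
    return True


if __name__ == "__main__":
    # Constructed inputs: one reviewed call, one unknown endpoint with a stray key.
    gate("ep-example-image", '{"prompt": "a lighthouse at dusk", "seed": 7}')
    gate("ep-unreviewed", '{"prompt": "x", "callback_url": "https://example.invalid/"}')
```

Wire the gate in before the wrapper runs `run.sh call_endpoint`, and only exec the command when check_call() returns an empty list; when an agent drives the skill, this turns "confirm endpoint ID, model, cost and inputs" from a reminder into a check that fails closed.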

What this means

Runtime behavior depends on the included scripts and Python dependency resolution.

Why it was flagged

The skill runs its bundled Python helper scripts through uv at runtime. That is expected for the scripts it ships, but users should recognize that the skill is not instruction-only even though it declares no install spec: uv resolves and installs the scripts' Python dependencies when they run.

Skill content
exec uv run "$SCRIPT_DIR/${COMMAND}.py" "$@"
Recommendation

Review the included scripts before granting credentials, and prefer pinned dependencies or a lockfile for stronger supply-chain assurance.