RUNE Prompt Amplification

Review

Audited by ClawScan on May 10, 2026.

Overview

The skill is a prompt formatter, but it loads your secrets file and runs an unreviewed local RUNE script from an external repo, so it should be reviewed before installation.

Install only if you trust and have reviewed the external RUNE repository and are comfortable with the script sourcing ~/.secrets. Prefer setting only RUNE_API_KEY in the environment for this command, and avoid putting unrelated secrets in a file this skill will source.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Note (High Confidence)
ASI01: Agent Goal Hijack
What this means

The generated XML prompt may change how an AI assistant behaves if used as a high-priority prompt.

Why it was flagged

The skill is explicitly designed to generate prompt layers that can define roles, behavior, and tool capabilities for a downstream model.

Skill content
| L0 | System Core | Role, persona, behavioral rules | ... | L5 | Capabilities Domain | Tools, integrations, capabilities |
Recommendation

Review the generated prompt before using it as system/developer instructions, especially any tool or behavior rules.

What this means

Other API keys or credentials in ~/.secrets could become available to the RUNE engine or any code it runs.

Why it was flagged

The script loads the entire user secrets file, not only RUNE_API_KEY, and child processes can inherit any secrets placed into the environment.

Skill content
if [[ -f "$HOME/.secrets" ]]; then
  source "$HOME/.secrets"
fi
Recommendation

Use a dedicated RUNE_API_KEY environment variable or a narrowly parsed config file instead of sourcing a generic secrets file.

What this means

The behavior of the installed skill depends on whatever code is present in that external local clone.

Why it was flagged

The runtime depends on an external repository cloned without a pinned commit or lockfile, and the required engine code is not included in the reviewed skill.

Skill content
git clone https://github.com/mrsarac/master-prompts ~/Documents/GitHub/rune
Recommendation

Pin the external RUNE dependency to a reviewed commit, document the exact source, and include an install spec or vendored reviewed code.

Concern (High Confidence)
ASI05: Unexpected Code Execution
What this means

If the local RUNE checkout is modified or malicious, invoking this skill runs that code under the user’s account.

Why it was flagged

The reviewed script executes a local wand.py file outside the supplied artifacts, so the main behavior is performed by unreviewed Python code.

Skill content
python3 "$WAND" inscribe "$PROMPT"
Recommendation

Only run this after reviewing the local wand.py file, and prefer a packaged, pinned, auditable engine.