Back to skill
Skillv1.0.0
VirusTotal security
RUNE Prompt Amplification · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 4:45 AM
- Hash
- 71f8019b4de5e3bdd5e410eb23f117e30881f316ccbd7c4e5ceeed8a7cab8eab
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: rune-prompt-amplification Version: 1.0.0 The skill is classified as suspicious due to a critical shell injection vulnerability and a supply chain risk. The `main.sh` script sources `$HOME/.secrets` without validating its content, allowing arbitrary code execution if an attacker can control this file. Additionally, the `SKILL.md` setup instructions direct users to clone `https://github.com/mrsarac/master-prompts` into the RUNE directory, which is inconsistent with the `neurabytelabs/rune` repository mentioned in `package.json` and `README.md`, posing a potential supply chain risk from an unexpected source.
- External report
- View on VirusTotal