What to check before installing/using Rune: - Manual code review: open and review src/index.ts and any scripts (e.g., skills/rune-slides-scripts/build-deck.js). Look for network calls, hard-coded endpoints, eval/child_process usage, obfuscated/unprintable characters, and any code that sends data off-host. - Inspect SKILL.md content and the per-skill .md files for authoritative 'MUST'/'HARD-GATE' directives that attempt to override agent/system behavior. Treat these like prompt-injection: they are instructions to the agent, not system policy. - Search the repository for external endpoints (http(s) URLs, IPs) and for calls that could exfiltrate files (fetch/axios/http.request, sockets, exec of curl/scp). If found, confirm purpose and destination. - Run the code in a sandboxed environment (isolated VM or container) first, and do not point it at repos that contain secrets, tokens, or production data until you are satisfied with its behavior. - If you expect only the 'adversary' red-team functionality, be aware this package is a full mesh (many skills). Consider disabling skills you don't need (openclaw.plugin.json provides a disabledSkills config) or using a trimmed fork that contains only the specific red-team module. - Ask the publisher for authoritative source and release checksum: confirm the claimed GitHub repo and compare commit hash or package checksum before trusting the bundle. What would change the assessment to 'benign': a short security review showing no outbound network calls, no obfuscated control characters, and a clear mapping of which files perform I/O; or an explicit, auditable installer that restricts runtime behavior. If you want, I can (1) list precise grep commands to find network/exec patterns in the code, or (2) summarize the contents of src/index.ts and the build script if you paste them here.