ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

RUNE Prompt Amplification

Transforms any flat prompt into a structured 8-layer XML prompt using RUNE's semantic engine — delivering ~45% higher quality AI responses. Built on Spinoza'...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 217 · 0 current installs · 0 all-time installs
byMustafa@mrsarac
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill claims to amplify prompts via a local RUNE 'wand.py' and an API key; that capability justifies needing Python and a RUNE API key. However the registry metadata provided to OpenClaw lists no required env/files, while SKILL.md and package.json both require RUNE_API_KEY and ~/.secrets and a local RUNE repo. There is also a mismatch in repository URLs (homepage/neuraByte repos vs SKILL.md clone URL pointing to mrsarac/master-prompts). These inconsistencies are unexpected and unexplained.
!
Instruction Scope
Runtime instructions tell the agent/user to source ~/.secrets (loading whatever variables are in that file), to clone an external repo, and to run a local Python script (wand.py). Sourcing ~/.secrets can expose unrelated credentials if that file contains more than the single API key. The SKILL.md clone URL differs from other repo references (neuraByte vs mrsarac), which increases risk because the code you run may come from a different source than advertised.
Install Mechanism
There is no install spec (instruction-only), which reduces installer risk. But the skill depends on a locally cloned repo and executing its wand.py; that transfers risk to whatever code is in the external repository you clone. package.json lists python_packages (requests) but the SKILL.md does not provide an install step for Python deps — a packaging inconsistency.
!
Credentials
Requesting a single RUNE_API_KEY is proportionate to the described purpose. However the skill requires the API key to be placed in ~/.secrets and the script sources that file — this could expose multiple secrets if that file holds other credentials. Additionally, registry metadata omitted these environment/file requirements, which is an incoherence that increases suspicion.
Persistence & Privilege
The skill does not request always:true or other elevated persistence and is user-invocable only. That is appropriate. Still, because the script sources ~/.secrets and executes wand.py from a local repo, it will have whatever local-read privileges that file and repo allow (it can read any files the running user can read via the invoked Python script).
What to consider before installing
Do not install or run this skill until you verify a few things: 1) Confirm which repository is authoritative (neurabytelabs vs mrsarac) and review the wand.py source in that repo — look for network calls, code that reads arbitrary files, or that sends environment variables/contents elsewhere. 2) Do not blindly append your API key into ~/.secrets; storing multiple secrets in a shared plain-text file increases exposure. Prefer exporting RUNE_API_KEY only in the current shell or using a dedicated, tightly-scoped secret file. 3) Inspect package.json and SKILL.md inconsistencies; if metadata supplied to the registry says no env are needed but runtime instructions do, treat that as a red flag. 4) If you must test, run the skill in an isolated environment (VM/container) and audit network traffic to confirm wand.py only communicates with expected endpoints. 5) If you are not comfortable reviewing wand.py or the cloned repo, avoid installing the skill.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk97ar12zzxbgbt0cbmy5y32jxd821xxn

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

RUNE — Prompt Amplification Framework

RUNE transforms flat, ambiguous prompts into structured XML prompts validated by Spinoza's philosophical framework — resulting in outputs that are ~45% higher quality than raw prompting.

The 8 Layers

LayerNamePurpose
L0System CoreRole, persona, behavioral rules
L1Context IdentityDomain knowledge, target audience
L2Intent ScopeTask definition, output format
L3GovernanceConstraints, ethical boundaries
L4Cognitive EngineThinking strategy (CoT, ToT)
L5Capabilities DomainTools, integrations, capabilities
L6QAValidation criteria, quality control
L7Output MetaFormat, style, length, language

Requirements

  • Python 3.11+
  • RUNE repo cloned locally
  • RUNE_API_KEY in ~/.secrets

Usage

# Pipe a prompt
echo "Write a blog post about AI" | bash main.sh

# Pass as argument
bash main.sh "Explain quantum entanglement to a 12-year-old"

Setup

# 1. Clone RUNE repo
git clone https://github.com/mrsarac/master-prompts ~/Documents/GitHub/rune

# 2. Add API key to ~/.secrets
echo "export RUNE_API_KEY=your_key" >> ~/.secrets

# 3. Test
echo "Hello" | bash main.sh

Source

Files

4 total
Select a file
Select a file to preview.

Comments

Loading comments…