Vlmrun Cli Skill

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing the CLI gives locally installed package code the ability to run on the user's machine.

Why it was flagged

The setup instructions install an unpinned external CLI package. This is central to the skill's purpose, but users should verify the package source before installing.

Skill content

uv pip install "vlmrun[cli]"

Recommendation

Install only from a trusted package source and consider pinning a known-good version.

What this means

The CLI will act under the user's VLM Run account or quota when the API key is available.

Why it was flagged

The skill requires a provider API key. This is expected for a VLM Run integration, but it is not declared in the registry credential metadata.

Skill content

`VLMRUN_API_KEY` | Required | Your VLM Run API key (required)

Recommendation

Use a dedicated API key with the minimum necessary access and avoid exposing it in shared shells, logs, or prompt files.

What this means

Selected files such as photos, meeting videos, invoices, or contracts may be uploaded to the external service for processing.

Why it was flagged

The CLI communicates with an external VLM Run service, and the examples show local images, videos, and documents being provided as inputs.

Skill content

`VLMRUN_BASE_URL` | Optional | Base URL (default: `https://agent.vlm.run/v1`)

Recommendation

Only send files you are permitted to share with VLM Run, and review the provider's retention and privacy terms for sensitive content.

What this means

Prior prompts, outputs, or generated artifacts may influence later VLM Run sessions or remain on disk in the cache.

Why it was flagged

The skill supports session continuation that keeps past conversation and generated artifacts in context, and it also documents a default local artifact cache.

Skill content

use the `-s` flag to continue a previous session using the session ID

Recommendation

Use fresh sessions for unrelated tasks and clear cached artifacts when processing sensitive material.