Skillv1.1.5

VirusTotal security

Rune - Self-Improving AI Memory · External malware reputation and Code Insight signals for this exact artifact hash.

BenignApr 30, 2026, 4:29 AM

Hash: b0d95c4851a89cf9bddadae97ee40cfa05aa8bd1f90fe9a2e94280f0fea7b533
Source: palm
Verdict: benign
Code Insight: Type: OpenClaw Skill Name: rune Version: 1.1.5 The OpenClaw Rune skill bundle is classified as benign. While a critical shell injection vulnerability (CVE-2026-0001) was present in previous versions, the provided files clearly document its fix and implement robust input sanitization in `rune-session-handler.sh` and `setup-workflow.sh`. The installation script (`install.sh`) and workflow setup (`setup-workflow.sh`) perform expected integration tasks, such as creating `~/.openclaw` directories, installing a global CLI, and modifying `~/.openclaw/workspace/HEARTBEAT.md` to add maintenance commands for the memory system. Markdown instructions (`SKILL.md`, `README.md`, `INTEGRATION-GUIDE.md`) guide the AI agent's behavior in using the memory system, not to subvert its core directives or exfiltrate data. Core application logic (`src/*.js`) uses parameterized SQL queries and handles LLM API keys securely via environment variables. There is no evidence of intentional harmful behavior, data exfiltration, backdoors, or obfuscation. A minor privacy concern is the logging of context recall events to `/tmp/rune-usage.log` without explicit user consent, but this is not a security vulnerability or malicious act.
External report: View on VirusTotal