Runninghub
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This is a coherent instruction-only RunningHub API skill, but users should be careful with the API key and any paid or publishing workflow actions.
Use this skill if you want your agent to call RunningHub APIs. Before providing an API key, make sure you understand which account it controls, confirm any paid workflow runs or publishing actions, and prefer a limited or easily revocable key.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used with a real API key, incorrect requests could consume credits or change workflow/application state.
The skill discloses cloud workflow management and batch AI generation, including actions that may cost money or change/publish workflows. This is purpose-aligned for RunningHub, but users should notice the impact.
工作流管理 | 获取、创建、发布工作流 ... API 调用 | 批量执行 AI 生成任务 ... 部分工作流可能需要付费
Confirm the workflow ID, inputs, expected cost, and any create or publish action before making RunningHub API calls.
An exposed API key could allow requests against your RunningHub account, including viewing account information or consuming credits depending on the key permissions.
The skill requires a RunningHub API key for account-bound API access. That is expected for the service, but it is still a credential that should be handled carefully.
需要有效的 API Key ... 'Authorization': 'Bearer YOUR_API_KEY'
Use a dedicated, revocable API key if possible, provide it only when needed, and revoke or rotate it if it is exposed.