Skill Runway Video Gen
Pass
Audited by ClawScan on May 1, 2026.
Overview
This skill appears to do what it says—send a chosen image and prompt to Runway to create a video—but it uses a Runway API key, can incur charges, and uploads the image to Runway.
Install only if you are comfortable providing a Runway API key, paying Runway generation costs, and sending the selected product image and prompt to Runway's API. Consider using a dedicated key and checking the output duration before repeated runs.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill can act against the user's Runway account and may incur Runway usage charges.
The script uses a Runway API key from an environment variable or local config file to authorize API requests.
key = os.environ.get("RUNWAY_API_KEY") ... cfg_path = os.path.expanduser("~/tiktok-api.json")
Use a dedicated Runway API key if possible, monitor usage costs, and avoid sharing a config file that contains unrelated credentials.
Product images and prompts leave the local machine and are processed by Runway.
The selected image is base64-encoded and sent with the prompt to Runway's external API.
"promptImage": image_data, "promptText": args.prompt ... requests.post("https://api.dev.runwayml.com/v1/image_to_video"
Do not use confidential images or sensitive prompts unless Runway's data handling terms are acceptable for that content.
An agent following the skill's guidance may choose the higher-cost generation option by default.
The skill recommends the more expensive duration option after disclosing that Runway charges per second of output.
Always use 10s — you get more content to work with.
Confirm duration and cost before running generations, especially in automated or repeated workflows.
Future installs may resolve a different dependency version than the one originally tested.
The uv script declares an unpinned dependency, so the exact requests version is not fixed by the artifact.
# dependencies = ["requests"]
Prefer pinned dependency versions or review the resolved environment before use in sensitive workflows.
