runware is an AI agent skill, created by 26medias and published at openclaw/skills. ClawSecure audited runware across 4 files through the 3-Layer Audit Protocol covering all ten OWASP ASI Top 10 categories, assigning a security score of 25/100 (High Risk). The 10 findings concentrate in Data Exfiltration, Policy Violation and Unauthorized Tool Use, including Pattern detected: base64.b64encode and Pattern detected: base64.b64encode. 2 were rated high or critical severity.
Is runware safe?
ClawSecure audited runware and assigned a security score of 25/100 (High Risk), identifying 10 findings across Data Exfiltration and Policy Violation. Review the findings below before installing.
What did ClawSecure find in runware?
ClawSecure identified 10 findings in runware, concentrated in Data Exfiltration, Policy Violation and Unauthorized Tool Use. 2 were rated high or critical severity. The most severe include Pattern detected: base64.b64encode and Pattern detected: base64.b64encode.
How was runware audited?
ClawSecure ran runware through its 3-Layer Audit Protocol with full OWASP ASI Top 10 coverage, scanning 4 files from openclaw/skills.
What does a score of 25 mean?
ClawSecure assigned runware a security score of 25/100, placing it in the High Risk range. This is driven by 10 findings led by Data Exfiltration that should be addressed before use. ClawSecure derives this score with a weighted deduction model (critical -20, high -10, medium -5, low -2 from a base of 100).
Audit Findings for runware
ClawSecure detected 10 security findings in runware, spanning Data Exfiltration, Policy Violation, Unauthorized Tool Use and Social Engineering.
- critical · Pattern detected: base64.b64encode. Data Exfiltration finding detected in
scripts/image.py:53. - critical · Pattern detected: base64.b64encode. Data Exfiltration finding detected in
scripts/video.py:54. - medium · Pattern detected: import urllib.request. Data Exfiltration finding detected in
scripts/image.py:11. - medium · Pattern detected: import urllib.request. Data Exfiltration finding detected in
scripts/video.py:12. - medium · Skill code uses network libraries but doesn't declare network.... Unauthorized Tool Use finding.
- medium · Skill performs actions not reflected in its description. Social Engineering finding detected in
SKILL.md. - medium · Script iterates through environment variables in.... Data Exfiltration finding detected in
/tmp/url-scans/908cea2d3d9276e8/scripts/image.py. - medium · Script iterates through environment variables in.... Data Exfiltration finding detected in
/tmp/url-scans/908cea2d3d9276e8/scripts/video.py. - medium · Missing config.json - agent may not be properly configured. Permissions Manifest finding.
- info · Skill manifest does not include a 'license' field. Specifying a license.... Policy Violation finding detected in
SKILL.md.
Each finding is expandable in the interactive list below.
3-Layer Audit Protocol
Security Recommendations for runware
Audit external network connections
Resolve policy violations
Add a config.json permissions manifest
Related Security Research
ClawHavoc Explained: The Malware Family Targeting AI Agents→Beyond Static Scans: Why ClawSecure Verifies Agentic Intent→Related AI Agent Security Audits
Scanned on February 7, 2026. runware is one of thousands of agents audited by ClawSecure from the community-curated awesome-openclaw-skills list and the openclaw/skills repository.