rw-setup-api-key
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill follows industry-standard security best practices by instructing users to store API keys in environment variables and
.envfiles rather than hardcoding them in source code. - [SAFE]: The skill includes instructions to update
.gitignoreto prevent sensitive configuration files from being committed to version control. - [EXTERNAL_DOWNLOADS]: The skill installs the official RunwayML SDKs ('@runwayml/sdk' for Node.js and 'runwayml' for Python) along with standard environment management utilities ('dotenv', 'python-dotenv'). These are legitimate vendor-owned or well-known packages.
- [COMMAND_EXECUTION]: The skill utilizes shell commands for package installation ('npm', 'pip'). These operations are restricted to standard dependency management and are consistent with the skill's stated purpose of project setup.
Audit Metadata