use-runway-api
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements secure credential management by directing users to use environment variables (
RUNWAYML_API_SECRET) rather than inputting keys directly into the chat interface. It explicitly warns against key exposure in conversation history. - [SAFE]: Command execution is primarily scoped to a dedicated management script (
runway-api.mjs). Utility commands for data processing (Node.js and Python) are used in a standard manner for handling API requests and base64 media encoding. - [SAFE]: All network operations and documentation fetches target official vendor domains (
runwayml.com), ensuring that data transit and reference material originate from trusted sources. - [SAFE]: The skill's guidance on modifying shell profiles (
~/.zshrc) is a common developer pattern for establishing persistent environment variables and is presented as a manual user action for configuration.
Audit Metadata