Trust Assessment
runware received a trust score of 21/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 8 findings: 4 critical, 2 high, 2 medium, and 0 low severity. Key findings include "Suspicious import: urllib.request", "Potential data exfiltration: file read + network send", and "Data Exfiltration via Arbitrary File Read".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Data Exfiltration via Arbitrary File Read** The `load_image_as_datauri` function in both `scripts/image.py` and `scripts/video.py` reads the content of a user-specified file path, base64 encodes it, and then sends it to the Runware API. An attacker can manipulate the `input` argument (for `cmd_img2img`, `cmd_upscale`) or `images` argument (for `cmd_img2vid`) to point to sensitive files on the system (e.g., `/etc/passwd`, `~/.ssh/id_rsa`, environment variables if they were files), leading to their exfiltration through the API request. Restrict file access to a designated, sandboxed directory. Validate and sanitize all user-provided file paths to prevent reading outside this directory. Consider if direct filesystem access for image input is necessary, or if images should be provided via URLs or secure byte streams. | LLM | scripts/image.py:29 |
| CRITICAL | **Data Exfiltration via Arbitrary File Read** The `load_image_as_datauri` function in both `scripts/image.py` and `scripts/video.py` reads the content of a user-specified file path, base64 encodes it, and then sends it to the Runware API. An attacker can manipulate the `input` argument (for `cmd_img2img`, `cmd_upscale`) or `images` argument (for `cmd_img2vid`) to point to sensitive files on the system (e.g., `/etc/passwd`, `~/.ssh/id_rsa`, environment variables if they were files), leading to their exfiltration through the API request. Restrict file access to a designated, sandboxed directory. Validate and sanitize all user-provided file paths to prevent reading outside this directory. Consider if direct filesystem access for image input is necessary, or if images should be provided via URLs or secure byte streams. | LLM | scripts/video.py:29 |
| CRITICAL | **Arbitrary File Write via Unsanitized Output Path** The `download_image` function in `scripts/image.py` and `download_file` in `scripts/video.py` write downloaded content to a path derived from `args.output`. The `Path(args.output).expanduser()` call allows for path traversal (`../`) and absolute paths. An attacker can specify an output path like `/etc/passwd` or `/tmp/foo/../../etc/malicious.conf` to write arbitrary content to sensitive locations on the filesystem, potentially leading to system compromise or denial of service. Sanitize `args.output` to prevent path traversal (`..`) and absolute paths. Ensure output files are always written to a designated, temporary, or sandboxed directory. Use `pathlib.Path.resolve()` with `strict=True` to get the absolute path and then verify it is within an allowed base directory. | LLM | scripts/image.py:45 |
| CRITICAL | **Arbitrary File Write via Unsanitized Output Path** The `download_image` function in `scripts/image.py` and `download_file` in `scripts/video.py` write downloaded content to a path derived from `args.output`. The `Path(args.output).expanduser()` call allows for path traversal (`../`) and absolute paths. An attacker can specify an output path like `/etc/passwd` or `/tmp/foo/../../etc/malicious.conf` to write arbitrary content to sensitive locations on the filesystem, potentially leading to system compromise or denial of service. Sanitize `args.output` to prevent path traversal (`..`) and absolute paths. Ensure output files are always written to a designated, temporary, or sandboxed directory. Use `pathlib.Path.resolve()` with `strict=True` to get the absolute path and then verify it is within an allowed base directory. | LLM | scripts/video.py:45 |
| HIGH | **Potential data exfiltration: file read + network send** Function 'download_image' reads files and sends data over the network. This may indicate data exfiltration. Review this function to ensure file contents are not being sent to external servers. | Static | skills/26medias/runware/scripts/image.py:61 |
| HIGH | **Potential data exfiltration: file read + network send** Function 'download_file' reads files and sends data over the network. This may indicate data exfiltration. Review this function to ensure file contents are not being sent to external servers. | Static | skills/26medias/runware/scripts/video.py:62 |
| MEDIUM | **Suspicious import: urllib.request** Import of 'urllib.request' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/26medias/runware/scripts/image.py:11 |
| MEDIUM | **Suspicious import: urllib.request** Import of 'urllib.request' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/26medias/runware/scripts/video.py:12 |