runapi-cli
Pass
Audited by Gen Agent Trust Hub on Jun 25, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches an installation script from the vendor's official domain (runapi.ai) to set up the CLI tool.
- [COMMAND_EXECUTION]: Installs and executes the vendor-provided 'runapi' binary to interact with remote models, manage account state, and install agent skills into local directories.
- [DATA_EXFILTRATION]: Accesses local media files (e.g., images, audio) to upload them to the vendor's API for model processing, which is the core functionality of the skill. It also writes authentication tokens to a local configuration file (~/.config/runapi/config.json) with appropriate file permissions.
Audit Metadata