Downloads: 395 | Stars: 0 | Active Installs: 0 | Versions: 1
Install in OpenClaw
/install rune-prompt-amplification
Description
Transforms any flat prompt into a structured 8-layer XML prompt using RUNE's semantic engine — delivering ~45% higher quality AI responses. Built on Spinoza'...
Usage Guidance
Do not install or run this skill until you verify a few things:
1) Confirm which repository is authoritative (neurabytelabs vs mrsarac) and review the wand.py source in that repo: look for network calls, code that reads arbitrary files, or code that sends environment variables or file contents elsewhere.
2) Do not blindly append your API key to ~/.secrets; storing multiple secrets in a shared plain-text file increases exposure. Prefer exporting RUNE_API_KEY only in the current shell or using a dedicated, tightly-scoped secret file.
3) Inspect package.json and SKILL.md for inconsistencies; if the metadata supplied to the registry says no environment variables are needed but the runtime instructions require them, treat that as a red flag.
4) If you must test, run the skill in an isolated environment (VM/container) and audit network traffic to confirm wand.py only communicates with expected endpoints.
5) If you are not comfortable reviewing wand.py or the cloned repo, avoid installing the skill.
Capability Analysis
Type: OpenClaw Skill
Name: rune-prompt-amplification
Version: 1.0.0
The skill is classified as suspicious due to a critical shell injection vulnerability and a supply chain risk. The `main.sh` script sources `$HOME/.secrets` without validating its content, allowing arbitrary code execution if an attacker can control this file. Additionally, the `SKILL.md` setup instructions direct users to clone `https://github.com/mrsarac/master-prompts` into the RUNE directory, which is inconsistent with the `neurabytelabs/rune` repository mentioned in `package.json` and `README.md`, posing a potential supply chain risk from an unexpected source.
Capability Assessment
Purpose & Capability
The skill claims to amplify prompts via a local RUNE 'wand.py' and an API key; that capability justifies needing Python and a RUNE API key. However the registry metadata provided to OpenClaw lists no required env/files, while SKILL.md and package.json both require RUNE_API_KEY and ~/.secrets and a local RUNE repo. There is also a mismatch in repository URLs (homepage/neuraByte repos vs SKILL.md clone URL pointing to mrsarac/master-prompts). These inconsistencies are unexpected and unexplained.
Instruction Scope
Runtime instructions tell the agent/user to source ~/.secrets (loading whatever variables are in that file), to clone an external repo, and to run a local Python script (wand.py). Sourcing ~/.secrets can expose unrelated credentials if that file contains more than the single API key. The SKILL.md clone URL differs from other repo references (neuraByte vs mrsarac), which increases risk because the code you run may come from a different source than advertised.
Install Mechanism
There is no install spec (instruction-only), which reduces installer risk. But the skill depends on a locally cloned repo and executing its wand.py; that transfers risk to whatever code is in the external repository you clone. package.json lists python_packages (requests) but the SKILL.md does not provide an install step for Python deps — a packaging inconsistency.
Credentials
Requesting a single RUNE_API_KEY is proportionate to the described purpose. However the skill requires the API key to be placed in ~/.secrets and the script sources that file — this could expose multiple secrets if that file holds other credentials. Additionally, registry metadata omitted these environment/file requirements, which is an incoherence that increases suspicion.
Persistence & Privilege
The skill does not request always:true or other elevated persistence and is user-invocable only. That is appropriate. Still, because the script sources ~/.secrets and executes wand.py from a local repo, it will have whatever local-read privileges that file and repo allow (it can read any files the running user can read via the invoked Python script).
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: `/install rune-prompt-amplification`
- After installation, invoke the skill by name or use `/rune-prompt-amplification`
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Initial release of rune-prompt-amplification.
- Transforms flat prompts into structured 8-layer XML prompts for higher-quality AI responses.
- Built on Spinoza's philosophical framework using RUNE's semantic engine.
- Requires Python 3.11+, local RUNE repo, and RUNE_API_KEY for setup.
- Includes command-line usage instructions and detailed layer breakdown.
Frequently Asked Questions
What is RUNE Prompt Amplification?
Transforms any flat prompt into a structured 8-layer XML prompt using RUNE's semantic engine — delivering ~45% higher quality AI responses. Built on Spinoza'... It is an AI Agent Skill for Claude Code / OpenClaw, with 395 downloads so far.
How do I install RUNE Prompt Amplification?
Run "/install rune-prompt-amplification" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is RUNE Prompt Amplification free?
Yes, RUNE Prompt Amplification is completely free (open-source). You can download, install and use it at no cost.
Which platforms does RUNE Prompt Amplification support?
RUNE Prompt Amplification is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created RUNE Prompt Amplification?
It is built and maintained by Mustafa (@mrsarac); the current version is v1.0.0.