v2.0.0

form-builder

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 7:20 AM.

Analysis

This form-building skill is coherent in purpose, but it exposes database credentials and instructs the agent to read and write a RoadFlow database, so it needs careful review before installation.

Guidance: Do not install this as-is for a real RoadFlow environment. Rotate the exposed database password, replace hardcoded credentials with a least-privilege user-supplied configuration, require explicit approval before any database write, and fix HTML escaping before using it with imported schemas or untrusted form definitions.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: High, Confidence: High, Status: Concern
SKILL.md
Query the roadflow.rf_form table... read the full content of that record... generate a new ID and save it as a new form

The skill instructs the agent to read existing database records and persist new form records, but does not define approval gates, dry-run diffs, rollback, or strict table/field boundaries.

User impact: A mistaken or over-eager invocation could create or alter shared RoadFlow form definitions that other users or business workflows depend on.
Recommendation: Require explicit user confirmation before any database write, show a diff of the generated HTML/JSON, use transactions with rollback, and restrict the database role to the minimum needed permissions.
Unexpected Code Execution
Severity: Medium, Confidence: High, Status: Concern
scripts/html_form_generator.js
placeholder="${field.placeholder || ''}" value="${field.value || ''}"

Schema and field-definition values are interpolated directly into generated HTML attributes and text without visible escaping or validation.

User impact: If a schema or field definition comes from an untrusted source, the generated HTML could include injected markup or script that runs when opened or deployed.
Recommendation: Escape all HTML text and attribute values, whitelist field types and names, sanitize option/default/placeholder content, and treat imported schemas as untrusted input.
Agentic Supply Chain Vulnerabilities
Severity: Low, Confidence: High, Status: Note
package.json
"main": "scripts/index.js", "test": "node scripts/verify.js"

The package references files that are not present in the supplied manifest, while the SKILL.md also describes PostgreSQL integration that is not implemented or dependency-declared in the included package.

User impact: The package may not run as described, and users have less assurance that the high-impact database behavior is implemented in reviewed, bounded code.
Recommendation: Include all referenced files, remove stale package scripts, declare and pin any real dependencies, and document whether database work is delegated to another reviewed skill.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High, Confidence: High, Status: Concern
SKILL.md
Database configuration (roadflow) ... User: postgres ... Password: Hxkj...

The skill publishes concrete PostgreSQL connection details, including a high-privilege-looking username and password, despite the registry declaring no credential requirement.

User impact: If the credential is real, an installing agent or anyone who can read the skill can access the RoadFlow database account and potentially modify business form data.
Recommendation: Remove hardcoded secrets, rotate the exposed password, declare the credential contract, and require a user-supplied least-privilege database role via environment variables or configuration.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Low, Confidence: High, Status: Note
SKILL.md
Data persistence: use sessionStorage/localStorage to save filled-in content

The skill discloses that generated multi-step forms may store filled-in data in browser storage.

User impact: End-user form entries may remain on the device after the session, which can matter for sensitive personal or business forms.
Recommendation: Use sessionStorage by default for sensitive forms, document retention behavior, provide a clear reset/clear option, and avoid localStorage for confidential fields.