Back to skill
Skillv2.0.0
VirusTotal security
form-builder · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 8:38 AM
- Hash
- 915a52d46809c20f9bf99837c226729ea221aed5a679e495741399541f05f686
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: form-builder Version: 2.0.0 The skill bundle contains hardcoded plaintext database credentials (IP: 192.168.1.136, User: postgres, Password: Hxkj510510) within SKILL.md. It instructs the AI agent to use these credentials to perform read/write operations on a 'roadflow' database to facilitate 'similarity-based form copying.' While the provided Node.js scripts (html_form_generator.js and validator.js) appear to be functional utilities for HTML generation, the inclusion of internal network credentials and instructions for the agent to access a specific database target constitutes a significant security risk and a potential vector for unauthorized data access or internal network pivoting.
- External report
- View on VirusTotal