SvelteKit WebApp
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: sveltekit-webapp Version: 1.1.1 The skill is classified as suspicious due to its explicit requirement for the `exec` tool, which allows arbitrary shell command execution. While the `SKILL.md` and `references/cli-commands.md` files clearly state that all commands require explicit user approval via the agent's safety framework, the inherent risk of shell access means a sophisticated prompt injection could potentially bypass these controls if the agent's input sanitization or approval process is flawed. However, there is no evidence of intentional malicious behavior, data exfiltration, persistence mechanisms, or obfuscation within the provided files; all listed commands are standard for web application development and deployment.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If approved, the agent may create repositories, push code, and deploy a live application under your accounts.
The skill documents commands that create and push a GitHub repository and can trigger production deployment. This is expected for the stated deployment purpose, but it is high-impact.
gh repo create [project-name] --private --source=. --push ... git push origin main # Triggers production deployment
Review each command before approval, confirm the target repository and branch, and deploy to staging/private targets before production.
Actions may be performed in the currently authenticated personal or organization accounts, including repository creation and deployment.
The preflight checks rely on existing authenticated CLI sessions, so later GitHub, Vercel, or Turso actions would run with the user's logged-in identity.
gh auth status 2>/dev/null && echo "✓ GitHub" ... vercel whoami 2>/dev/null && echo "✓ Vercel" ... turso auth status
Before using the skill, confirm which GitHub/Vercel/Turso accounts and teams are active, and use least-privilege tokens or separate accounts where appropriate.
The generated project may include many third-party packages, and compromised or unexpectedly changed packages could affect the application.
The setup flow installs and runs standard external JavaScript tooling and dependencies. This is normal for SvelteKit scaffolding, but package provenance and version drift matter.
pnpx sv create [project-name] ... pnpx sv add eslint prettier mcp mdsvex tailwindcss vitest playwright ... pnpm install
Review package.json and lockfiles, pin versions for production-sensitive projects, and run dependency audit/update checks before deployment.
Incorrect, malicious, or secret-containing entries in project notes could mislead future coding iterations or be accidentally committed.
The workflow stores reusable project guidance in progress.txt and has future agent iterations read it. This is purpose-aligned project memory, but persistent context can influence later behavior.
Read the progress log at `progress.txt` (check Codebase Patterns section first) ... add it to the `## Codebase Patterns` section at the TOP of progress.txt
Inspect CLAUDE.md and progress.txt before reuse, avoid storing secrets there, and treat project-local notes as editable context rather than trusted policy.