Back to skill
Skillv0.2.0
VirusTotal security
GateCrash Forms · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 3:59 AM
- Hash
- 7a4bb2be9b6dfb4cf7e137c11259afdc196bc1bab24c208afbfb7eae17802d5d
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: gatecrash-forms Version: 0.2.0 The skill bundle is a wrapper for the `gatecrash-forms` npm package, which handles sensitive data like SMTP credentials (including passwords) and stores form responses locally. While the instructions in `SKILL.md` and `README.md` are functional and do not explicitly instruct the AI agent to perform malicious actions like exfiltration or unauthorized access, the direct handling of sensitive credentials and local file system writes by the underlying tool represents a significant risk. The reliance on an external npm package (`gatecrash-forms`) also introduces a supply chain vulnerability. These capabilities, though plausibly needed for the stated purpose, are high-risk and warrant a 'suspicious' classification due to the potential for misuse or compromise of the underlying tool.
- External report
- View on VirusTotal