Back to skill
Skillv1.0.0
VirusTotal security
App Builder · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 3:18 AM
- Hash
- fb290359ea65904598b49796f7c1da0a32d38a6dfb8b1e1922eec16b4c77bfc4
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: app-builder Version: 1.0.0 The skill is classified as suspicious due to its explicit instruction in `SKILL.md` to read the local `.env` file and push its contents to Vercel. While this action is a common and often necessary step for deploying applications, it grants the AI agent access to potentially sensitive environment variables (e.g., API keys, database credentials). This represents a high-risk capability that, if subverted or if the agent were compromised, could lead to data exposure or exfiltration, even though the stated intent is legitimate deployment to Vercel.
- External report
- View on VirusTotal