Back to skill
Skillv1.1.0
VirusTotal security
FlowForge — Autonomous AI Coding Pipeline (Spec → Plan → Code → QA) · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 28, 2026, 5:13 AM
- Hash
- 20fe774517c72ff7e2dd9563f6b36e4ab32deb9ac0230b97a56ca11786dd3743
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: flowforge Version: 1.1.0 FlowForge is an autonomous coding pipeline that implements high-risk automation patterns, specifically the use of the `--dangerously-skip-permissions` flag in `run_forge.sh` to bypass Claude Code's interactive security prompts. It also includes a credential rotation mechanism in `rotate_account.sh` that programmatically swaps Claude authentication tokens (`.credentials.json`) to circumvent rate limits. While these features align with the tool's stated purpose of autonomous development, the combination of credential manipulation and unconstrained shell execution creates a significant prompt-injection attack surface where a malicious GitHub issue or task description could lead to unauthorized system access or data loss.
- External report
- View on VirusTotal