Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Disinto Factory
v0.2.1Set up and operate a disinto autonomous code factory. Use when bootstrapping a new factory instance, checking on agents and CI, managing the backlog, or trou...
⭐ 0· 64·0 current·0 all-time
by@johba37
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The described purpose (operating an autonomous code factory) legitimately requires access to the local Docker stack, Forgejo/Woodpecker APIs, and repository mirrors, which the SKILL.md instructs. However, the skill metadata lists no required environment variables or credentials even though the runtime instructions and the included script expect secrets like FORGE_TOKEN, WOODPECKER_TOKEN, FORGE_URL, and a populated .env. That mismatch is a meaningful incoherence.
Instruction Scope
Runtime instructions tell the operator (and the agent, if invoked) to source .env, run docker exec into containers, call internal APIs with tokens, clone remote repos, show SSH public keys, and test SSH access to external forges. Those actions are plausibly within the skill's stated scope, but they involve sensitive tokens and host-level operations and the SKILL.md gives broad interactive discretion (e.g., cloning repos, initializing bots, generating and saving tokens) without enumerating required secrets or explicitly warning the user.
Install Mechanism
This is instruction-only (no install spec) with one small helper script; nothing is downloaded from arbitrary URLs and no archive extraction is used. That reduces install-time risk.
Credentials
The skill uses multiple sensitive environment values (FORGE_TOKEN, WOODPECKER_TOKEN, possibly FORGE_URL, PROJECT_REPO_ROOT, SSH keys, etc.) but requires.env and primary credential fields are empty. Requiring and sourcing an undisclosed .env containing CI and repository tokens is disproportionate to what the package metadata declares and hides the credential surface from reviewers.
Persistence & Privilege
The skill is not always: true and uses normal autonomous-invocation defaults; it does instruct running an init that generates and 'saves' tokens into .env (normal for this class of tool), but it does not request or claim elevated platform privileges or to modify other skills. Still, the combination of host-level Docker access and credential generation/storage raises operational risk and should be confined to isolated hosts/containers.
What to consider before installing
This skill appears to be a legitimate factory operator, but it does not declare the sensitive environment variables and tokens it needs. Before installing or running it: (1) inspect the disinto repo/init scripts (bin/disinto) and any code that writes/reads .env to verify what tokens are created/stored; (2) do not run the init on a host with unrelated secrets — run it in an isolated VM or LXD container as recommended; (3) review the contents of your .env and only provide least-privilege tokens (create tokens scoped to the specific repo and CI actions); (4) avoid uploading or pasting private SSH keys — only add the public key to remotes; (5) if you need a stronger assurance, ask the publisher for an explicit requires.env list and a signed release or review the full upstream repository on Codeberg/GitHub before trusting the scripts. If the maintainer provides an explicit list of required env vars and a clear explanation of what the init writes to .env, my confidence would increase toward benign.Like a lobster shell, security has layers — review code before you run it.
latestvk979pzhmkhjrwsd3gjbn8zbxbn83r7qc
License
MIT-0
Free to use, modify, and redistribute. No attribution required.