Agent Factory
Review
Audited by ClawScan on May 10, 2026.
Overview
The skill mostly does what it says, but its package identity is inconsistent and its helper script can write agent files outside the intended folder if given a crafted name.
Before installing, verify the correct package slug and publisher. If you use it, run the script only in a safe workspace, use plain agent names such as 'researcher' or 'coder' rather than paths, inspect generated SKILL.md files, and keep inbox/outbox folders free of secrets or untrusted instructions.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user may not be installing or reviewing the package identity they expect, which weakens trust in updates and provenance.
This embedded metadata conflicts with the registry metadata shown for owner, slug, and version; SKILL.md also documents installing 'sub-agent-factory' while the evaluated registry slug is 'agent-factory-100'.
"ownerId": "kn725q11g4d88mxsn46ghhf7qx81nj3s", "slug": "sub-agent-factory", "version": "1.1.0"
Verify the publisher and intended slug before installing; the package should be republished with consistent registry metadata, _meta.json, and installation instructions.
A crafted or accidental agent name could create directories or overwrite a SKILL.md outside the intended agents folder.
The script builds filesystem paths directly from the user-controlled agent name and overwrites SKILL.md without validating against '..', slashes, absolute paths, or existing files.
NAME=$1
DIR="agents/$NAME"
mkdir -p "$DIR/inbox" "$DIR/outbox" "$DIR/workspace"
...
cat <<EOM > "$DIR/SKILL.md"
Only use simple safe agent names, run the script in a disposable workspace, and update the script to reject path separators, '..', absolute paths, and existing target files.
Anything placed in an agent's inbox may be treated as an instruction, and outputs written to outbox may be read or reused later.
The generated agent definition relies on file-based inbox/outbox communication, but the artifacts do not define message origin, trust boundaries, or access controls for those folders.
Read instructions from ./inbox and write outputs to ./outbox.
Keep each agent's inbox/outbox private to the task, avoid placing secrets there, and review messages before letting an agent act on them.
