Dev Factory Repo
Warn
Audited by ClawScan on May 10, 2026.
Overview
The skill’s goal is coherent, but it can run background development agents, use GitHub/Notion/API tokens, and automatically publish public code with unclear approval boundaries.
Install only if you intentionally want an automated development factory. Use a dedicated GitHub account, private repos, a test Notion database, and low-privilege tokens. Do not enable cron/background jobs or auto-publishing until you have reviewed the code, configured scopes, and confirmed where project data is sent and stored.
Findings (7)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
1. The agent could publish generated or flawed code publicly under the user's GitHub account.
The skill defaults to creating repositories, pushing generated code, and creating releases publicly. That is a high-impact mutation of the user's account and public content without a clearly documented per-release approval gate.
Evidence: GitHub auto-deploy ... repository creation ... code upload ... release creation ... github: auto_publish: true, private: false
Recommendation: Set auto-publish off by default, make repositories private by default, require explicit user approval before each push/release, and show a diff/summary before publishing.
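The approval gate recommended above, written as an added example rather than code from the skill or from ClawScan. It assumes a small config model that mirrors the page's `auto_publish` / `private` keys with the safe defaults reversed (publishing off, repositories private), and it injects the approval prompt as a callback so the gate can be exercised without a terminal. The file changes are a constructed sample.

```python
from dataclasses import dataclass
from typing import Callable, Iterable


@dataclass
class GitHubPublishConfig:
    """Hypothetical config mirroring the page's `github:` keys, with safe defaults."""
    auto_publish: bool = False   # stays off until the user turns it on explicitly
    private: bool = True         # new repositories are private unless the user opts out


@dataclass
class FileChange:
    path: str
    kind: str          # "added" | "modified" | "deleted"
    added_lines: int = 0
    removed_lines: int = 0


@dataclass
class PublishDecision:
    allowed: bool
    reason: str
    summary: str = ""


def summarize_changes(changes: Iterable[FileChange]) -> str:
    """Build the human-readable diff summary the user must see before approving."""
    changes = list(changes)
    counts = {"added": 0, "modified": 0, "deleted": 0}
    plus = minus = 0
    lines = []
    for c in changes:
        counts[c.kind] += 1
        plus += c.added_lines
        minus += c.removed_lines
        lines.append(f"  {c.kind:<8} {c.path} (+{c.added_lines}/-{c.removed_lines})")
    header = (f"{len(changes)} file(s): {counts['added']} added, {counts['modified']} modified, "
              f"{counts['deleted']} deleted; +{plus}/-{minus} lines")
    return "\n".join([header, *lines])


def gate_publish(cfg: GitHubPublishConfig, changes: Iterable[FileChange],
                 approve: Callable[[str], bool]) -> PublishDecision:
    """Decide whether a push/release may proceed.

    Rules: auto_publish must be explicitly enabled; a public target is called out
    in the summary; and the user sees the summary and approves every single time.
    `approve` is the interactive prompt, injected so the gate is testable.
    """
    if not cfg.auto_publish:
        return PublishDecision(False, "auto_publish is disabled (default); enable it explicitly to publish")
    summary = summarize_changes(changes)
    if not cfg.private:
        summary = "WARNING: target repository is PUBLIC\n" + summary
    if not approve(summary):
        return PublishDecision(False, "user declined", summary)
    return PublishDecision(True, "approved by user", summary)


# Constructed sample changes, not taken from the audited skill.
SAMPLE_CHANGES = [
    FileChange("src/app.py", "added", 120),
    FileChange("README.md", "modified", 4, 1),
    FileChange("old/legacy.py", "deleted", 0, 80),
]

if __name__ == "__main__":
    # Default config: refused before any prompt is shown.
    print(gate_publish(GitHubPublishConfig(), SAMPLE_CHANGES, approve=lambda s: True).reason)
    # Enabled config: the summary is shown and the user must answer.
    ask = lambda s: input(s + "\nPublish? [y/N] ").strip().lower() == "y"
    print(gate_publish(GitHubPublishConfig(auto_publish=True), SAMPLE_CHANGES, approve=ask).reason)
```

The point of the callback is that unattended jobs have no way to answer it: a cron-driven build that reaches `gate_publish` simply stops, which is the behaviour the finding asks for.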
2. A broad token could let the agent modify more GitHub or Notion data than the user intended.
The skill asks for provider, GitHub, and Notion credentials, while the registry metadata declares no required env vars or primary credential. The artifacts do not specify least-privilege scopes or exact account boundaries.
Evidence: GLM_API_KEY=your_glm_api_key ... GITHUB_TOKEN=your_github_token ... NOTION_API_KEY=your_notion_api_key ... NOTION_DATABASE_ID=your_database_id
Recommendation: Declare all credentials in metadata, document required scopes, use dedicated low-privilege tokens, and test with a separate GitHub account and Notion database first.
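A preflight check for the two gaps in this finding, added here as an example and not part of the skill or of ClawScan: it compares the credentials the setup text expects against what the registry metadata declares, and it compares the scopes a GitHub classic token actually carries (reported by GitHub in the `X-OAuth-Scopes` response header as a comma-separated list) against an allow-list. The setup text is the page's own excerpt; the declared list, the allow-list and the header value are assumptions supplied by the caller.

```python
import os
import re
from typing import Iterable, Mapping

# Setup excerpt from the page; these are the variables the user is asked to provide.
SETUP_TEXT = """
GLM_API_KEY=your_glm_api_key
GITHUB_TOKEN=your_github_token
NOTION_API_KEY=your_notion_api_key
NOTION_DATABASE_ID=your_database_id
"""

ENV_ASSIGNMENT = re.compile(r"^\s*(?:export\s+)?([A-Z][A-Z0-9_]*)=", re.MULTILINE)


def referenced_env_vars(setup_text: str) -> set[str]:
    """Every NAME=... assignment the setup instructions expect the user to fill in."""
    return set(ENV_ASSIGNMENT.findall(setup_text))


def undeclared_credentials(setup_text: str, declared: Iterable[str]) -> set[str]:
    """Credentials the instructions use but the registry metadata never declares."""
    return referenced_env_vars(setup_text) - set(declared)


def parse_oauth_scopes(header_value: str) -> set[str]:
    """Parse GitHub's X-OAuth-Scopes header ("repo, read:org") into a set.

    Fine-grained tokens are not reported this way, so an empty result means
    'unknown' rather than 'no scopes' and should be reviewed by hand.
    """
    return {s.strip() for s in header_value.split(",") if s.strip()}


def excess_scopes(granted: set[str], allowed: set[str]) -> set[str]:
    """Scopes the token carries that the skill was never supposed to need."""
    return granted - allowed


def preflight(env: Mapping[str, str], declared: Iterable[str],
              scopes_header: str, allowed: set[str]) -> list[str]:
    """Return human-readable problems; an empty list means the setup is consistent."""
    problems = []
    for name in sorted(undeclared_credentials(SETUP_TEXT, declared)):
        problems.append(f"{name} is used by setup but not declared in metadata")
    for name in sorted(referenced_env_vars(SETUP_TEXT)):
        if not env.get(name):
            problems.append(f"{name} is not set in the environment")
    extra = excess_scopes(parse_oauth_scopes(scopes_header), allowed)
    if extra:
        problems.append(f"GITHUB_TOKEN carries scopes beyond the allow-list: {sorted(extra)}")
    return problems


if __name__ == "__main__":
    # Assumed inputs: an empty metadata declaration (as the finding describes), the
    # header value copied from a `curl -i https://api.github.com/user` response, and
    # an allow-list of what a private-repo build bot needs.
    for p in preflight(os.environ, declared=[], scopes_header="repo, delete_repo, admin:org",
                       allowed={"repo"}):
        print("PROBLEM:", p)
```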
3. The system may continue running and changing Notion/GitHub state after the initial task unless the user disables the schedule.
The skill documents recurring background jobs that discover ideas, poll Notion, run builds, and update status over time. Persistent autonomous execution is high-impact unless it is bounded and clearly controlled.
Evidence: Cron Job 1: Discovery (daily at 08:00) ... Cron Job 2: Build (hourly) ... Notion polling ... run Build Pipeline
Recommendation: Keep schedules disabled until explicitly enabled, provide clear stop/uninstall instructions, require notifications for every run, and avoid account mutation from unattended jobs.
4. Project code, prompts, errors, or local files in the working directory could be exposed to or modified by other agents/providers.
The artifacts show tasks and working directories being passed to spawned coding agents, but do not define provider identity, data boundaries, allowed directories, or mutation permissions.
Evidence: allowedAgents: ["codex", "claude-code", "gemini"] ... sessions_spawn(agentId="codex", mode="run", task=..., cwd="/tmp/builder-projects")
Recommendation: Document exactly which agents/providers are used, restrict spawned-agent working directories, redact secrets before handoff, and require approval before spawned agents modify files.
5. Future projects could be influenced by stale or maliciously shaped memory, and project details may persist longer than expected.
The skill stores long-term learning and correction patterns for reuse. The artifacts do not clearly describe retention, deletion, redaction, or safeguards against poisoned learned patterns influencing later builds.
Evidence: Memory System ... Short-term: daily notes ... Long-term: MEMORY.md ... Pattern learning: reflections.md
Recommendation: Make memory opt-in, document storage paths and retention, redact sensitive project data, and provide commands to inspect and delete learned memory.
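Two of the recommendations, for finding 4 (confine spawned-agent working directories and redact secrets before handoff) and finding 5 (redact sensitive data before it reaches long-term memory and give each note a retention stamp), share one redaction helper, so both are shown in a single added example. This is not the skill's code: `/tmp/builder-projects` is the root from the page's `sessions_spawn` excerpt, the secret values and task text are constructed, the `prepare_*` function names and the 30-day TTL are assumptions. Redaction keys on the actual configured secret values rather than on token-format patterns, so it works for any provider's key format.

```python
import os
from datetime import date, timedelta
from typing import Mapping

ALLOWED_ROOT = "/tmp/builder-projects"   # root seen in the page's sessions_spawn(..., cwd=...) call


class HandoffError(ValueError):
    """Raised when a spawn request would violate the working-directory boundary."""


def confine_cwd(requested: str, allowed_root: str = ALLOWED_ROOT) -> str:
    """Resolve `requested` (relative or absolute) and refuse anything outside the root.

    realpath() collapses '..' and follows symlinks, so a symlink planted inside the
    root that points outside is rejected too. commonpath() is used instead of a
    string-prefix test so that '/tmp/builder-projects2' does not pass as a child
    of '/tmp/builder-projects'.
    """
    root = os.path.realpath(allowed_root)
    target = os.path.realpath(os.path.join(root, requested))
    if os.path.commonpath([root, target]) != root:
        raise HandoffError(f"cwd {requested!r} resolves outside {allowed_root}")
    return target


def escapes_root(requested: str, allowed_root: str = ALLOWED_ROOT) -> bool:
    """Boolean form of confine_cwd, convenient for policy checks and tests."""
    try:
        confine_cwd(requested, allowed_root)
        return False
    except HandoffError:
        return True


def redact_secrets(text: str, secrets: Mapping[str, str], min_len: int = 8) -> str:
    """Replace the literal value of every configured secret with a labelled placeholder.

    Longest values are replaced first so a secret that contains another is not left
    half-exposed; very short values are skipped so common substrings are not blanked.
    """
    for name, value in sorted(secrets.items(), key=lambda kv: len(kv[1]), reverse=True):
        if value and len(value) >= min_len:
            text = text.replace(value, f"[REDACTED:{name}]")
    return text


def prepare_handoff(task: str, requested_cwd: str, secrets: Mapping[str, str]) -> dict:
    """Arguments for the spawned agent: confined cwd and a task with secrets removed."""
    return {"cwd": confine_cwd(requested_cwd), "task": redact_secrets(task, secrets)}


def prepare_memory_note(note: str, secrets: Mapping[str, str], ttl_days: int = 30) -> dict:
    """Redact before the note reaches MEMORY.md/reflections.md and stamp an expiry so a
    cleanup job can delete it; ttl_days is an assumed policy value, not from the skill."""
    return {"expires": (date.today() + timedelta(days=ttl_days)).isoformat(),
            "text": redact_secrets(note, secrets)}


# Constructed sample values; none of these are real credentials.
SAMPLE_SECRETS = {
    "GITHUB_TOKEN": "ghp_EXAMPLE0000000000000000000000000000",
    "NOTION_API_KEY": "secret_EXAMPLE00000000000000000000000000",
    "NOTION_DATABASE_ID": "0123456789abcdef0123456789abcdef",
}
SAMPLE_TASK = ("Write the README. Use GITHUB_TOKEN=ghp_EXAMPLE0000000000000000000000000000 "
               "and Notion database 0123456789abcdef0123456789abcdef.")

if __name__ == "__main__":
    print(prepare_handoff(SAMPLE_TASK, "proj-1", SAMPLE_SECRETS))
    print("escapes root:", escapes_root("../../etc"))
    print(prepare_memory_note("build failed with token ghp_EXAMPLE0000000000000000000000000000",
                              SAMPLE_SECRETS, ttl_days=7))
```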
6. Users may install or run code from external repositories and dependencies that were not reviewed in this artifact set.
The setup is user-directed and relevant to the skill, but it clones external code recursively (including submodules) and installs dependencies without an install spec or any visible review of pinned dependency versions in the provided artifacts.
Evidence: git clone --recursive https://github.com/rebugui/OpenClaw.git ... pip install -r requirements.txt
Recommendation: Verify the repository and submodules, use a virtual environment, inspect requirements, and pin dependency versions before running the skill.
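A small requirements.txt auditor to run before `pip install -r requirements.txt`, added here as an example (the audited repository's real requirements file was not in the artifact set, so the input below is constructed). It flags unpinned specifiers, included files that need their own review, and VCS/URL dependencies, and can optionally insist on `--hash=` entries so pip verifies what it downloads.

```python
import re
from dataclasses import dataclass

# Constructed sample requirements.txt, not the audited repository's file.
SAMPLE_REQUIREMENTS = """\
# build deps
requests>=2.0
PyGithub==2.3.0
notion-client
-r extra.txt
httpx==0.27.0 --hash=sha256:0000000000000000000000000000000000000000000000000000000000000000
git+https://example.invalid/some/repo.git#egg=somepkg
"""

# name, optional [extras], then an exact == pin
PINNED = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(\[[^\]]*\])?\s*==\s*([^\s;#]+)")


@dataclass
class Issue:
    line_no: int
    text: str
    problem: str


def audit_requirements(content: str, require_hashes: bool = False) -> list[Issue]:
    """Return one Issue per line that should block an unattended install."""
    issues = []
    for n, raw in enumerate(content.splitlines(), 1):
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue
        line = stripped.split(" #", 1)[0].strip()   # drop trailing comments
        if line.startswith(("-r", "--requirement")):
            issues.append(Issue(n, line, "includes another file that must be audited too"))
            continue
        if line.startswith(("git+", "hg+", "svn+", "http://", "https://", "-e ", "--editable")):
            issues.append(Issue(n, line, "VCS/URL dependency: pin to a commit and review the source"))
            continue
        if line.startswith("-"):
            continue   # other pip options such as --index-url; review separately if present
        m = PINNED.match(line)
        if not m:
            issues.append(Issue(n, line, "not pinned with =="))
        elif require_hashes and "--hash=" not in line:
            issues.append(Issue(n, line, "pinned but has no --hash=, so download integrity is not verified"))
    return issues


if __name__ == "__main__":
    for issue in audit_requirements(SAMPLE_REQUIREMENTS, require_hashes=True):
        print(f"line {issue.line_no}: {issue.problem}  <- {issue.text}")
```

Run it against each requirements file the clone pulls in (including any `-r` includes it reports) and against the submodules' own dependency files; an empty result with `require_hashes=True` is the state in which `pip install --require-hashes` can be used for the actual install.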
7. A user may provide tokens or project data believing everything stays local when the workflow actually depends on cloud services.
The 'no cloud' assurance conflicts with the same artifact set's disclosed use of Notion, GitHub, GLM, and other provider APIs. This could make users underestimate external data sharing.
Evidence: Data Protection ... HTTPS only for APIs ... Local storage only (no cloud)
Recommendation: Replace the privacy claim with an accurate data-flow disclosure listing every external service, what data is sent, and how users can disable each integration.
