Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Factory AI Droid
v1.0.0
Use Factory AI's droid CLI to interactively build, debug, refactor, review, and deploy code, with support for plugins, MCP servers, and multiple AI models.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The SKILL.md describes using a third‑party 'droid' CLI to perform code changes, commits, PRs, and deployments. The top-level registry metadata lists no required binaries or env vars, but the SKILL.md metadata and examples require the 'droid' binary and mention FACTORY_API_KEY and deployment targets (fly.io). That mismatch (undeclared binary/env requirements and a missing description) is unexplained and disproportionate to an instruction-only wrapper.
Instruction Scope
Runtime instructions tell the agent to run 'droid' commands that operate on the codebase (multi-file edits, commit/PR generation, deploy) and to add MCP servers and plugins. The skill text does not constrain where data is sent or how sessions are stored; adding MCP servers or plugins could direct code and secrets to arbitrary external servers. The SKILL.md also contains a hard-coded local install path (/Users/mitchellbernstein/...), suggesting leftover local artifacts rather than a vetted, general instruction set.
Install Mechanism
There is no install spec and no code files — the skill is instruction-only, so it does not write files or pull arbitrary archives. This is lower-risk from an installation perspective. Note: the README's claim that 'droid' is already installed at a specific user path is a suspicious local artifact but not an install mechanism.
Credentials
The instructions explicitly reference FACTORY_API_KEY and a 'droid login' flow and imply other credentials may be required for deploy targets (e.g., fly.io), but the registry metadata declares no required environment variables or primary credential. Requesting API keys and enabling deployment without declaring or justifying those secrets is disproportionate and unexplained.
Persistence & Privilege
The skill does not request always:true and does not declare config path access. However, the ability it exposes to add MCP servers and plugins (via the 'droid' tool) could expand system reach or persistence outside the agent, depending on how the droid CLI manages plugins/servers. This is a capability-level risk rather than an explicit metadata claim by the skill.
What to consider before installing
This skill is basically an instruction sheet for a separate 'droid' CLI — it does not include or declare that CLI or the credentials it references. Before installing or using it:
1) Verify the provenance of the 'droid' CLI and inspect its binary/source — do not run it until you trust it.
2) Do not provide FACTORY_API_KEY or deploy credentials until the author explains what servers the CLI talks to and how data is handled.
3) Avoid adding MCP servers or plugins from unknown sources; those can forward code or secrets externally.
4) If you want to test, run the CLI in a sandbox or on a read-only copy of your repo and monitor network traffic.
5) Ask the skill author for a clear description, a declared list of required binaries/env vars, and where session data and network traffic are sent.
These clarifications would raise confidence; until then treat the skill cautiously.
Like a lobster shell, security has layers — review code before you run it.
