Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
skill-factory
v0.2.0Autonomous skill creation agent that analyzes requests, automatically selects the best creation method (documentation scraping via Skill_Seekers, manual TDD...
⭐ 0· 27·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description (autonomous skill factory that scrapes docs, runs TDD, and produces packaged skills) is consistent with the presence of reference docs, a quality-check script, and installer/checker scripts. However, the package does not declare any dependencies, required binaries, or environment variables even though the SKILL.md explicitly says it will install and run 'Skill_Seekers' and perform scraping and packaging. The lack of declared network/filesystem/installation requirements is a mismatch worth noting.
Instruction Scope
SKILL.md describes automatic scraping of documentation, running Skill_Seekers, running QA loops, auto-generating tests, and packaging results into local paths (~/.claude/skills/ and ~/Downloads/). Those instructions imply network access, arbitrary HTTP requests, and writing/executing code on disk. While these actions fit the stated purpose, they widen the trust surface: the agent may fetch and execute third-party code or write files to the user's home directory. The instructions do not declare safeguards (e.g., whitelist of domains, confirmation prompts, or sandboxing).
Install Mechanism
There is no formal install spec in the registry metadata, but the repo includes scripts (scripts/install-skill-seekers.sh and scripts/check-skill-seekers.sh) that the SKILL.md instructs the agent to run. Installer scripts that fetch/bootstraps tools are common for this use case, but they pose higher risk because they typically download and extract external artifacts. The manifest does not show the URLs or provenance of what will be downloaded; therefore the install step is a potential vector for arbitrary code execution and should be inspected before running.
Credentials
The skill declares no required env vars or credentials (good), but its behavior implies needing filesystem write access (creating ~/.claude/skills/ and ~/Downloads zips) and network access for scraping and possibly fetching installers. It may also need optional credentials if the user asks it to scrape private docs or private GitHub repositories — but those credentials are not declared. The absence of declared env vars is reasonable for many public-document workflows but is a mismatch if the skill will be used on private/internal sources.
Persistence & Privilege
The skill is not always:true and is user-invocable (normal). It is expected to write generated skill artifacts to the user's filesystem and to run included scripts; this is consistent with its purpose. It does not declare elevation or modification of other skills' configurations in the metadata. Still, writing to ~/.claude/skills/ and ~/Downloads is a material privilege that should be acknowledged by the user.
What to consider before installing
This package is plausible for an autonomous skill-creation tool but has several risk points you should review before installing or running it:
- Inspect the install script (scripts/install-skill-seekers.sh) and check-skill-seekers.sh to see what URLs they contact and what code they download or run. Prefer only well-known release hosts (GitHub releases, official project domains).
- Review quality-check.py to understand file operations, network calls, and whether it can execute arbitrary commands or write files outside its expected directories.
- Be aware the SKILL.md instructs scraping external documentation and will write artifacts to ~/.claude/skills/ and ~/Downloads/; run in a sandbox or VM if you cannot fully trust the sources.
- If you plan to scrape private/internal documentation or private repos, do not provide credentials until you've verified the code paths that use them; the skill does not declare nor justify any environment variables or tokens.
- If you want to proceed, run the scripts manually in a controlled environment first (not as an unattended agent), and verify downloaded artifacts' provenance and checksums.
If you share the contents of scripts/install-skill-seekers.sh and scripts/quality-check.py (or the specific URLs they contact), I can give a more specific assessment and point out exact lines of concern.Like a lobster shell, security has layers — review code before you run it.
latestvk970pshqkm9bdytbgsashaxbf18443h2
License
MIT-0
Free to use, modify, and redistribute. No attribution required.