Agent Factory

Security checks across static analysis, malware telemetry, and agentic risk

Overview

Agent Factory matches its stated goal of creating sub-agents, but those agents persist and inherit broad browser, account, cron, and memory capabilities that need careful review.

Install only if you intentionally want persistent sub-agents with broad access similar to your main OpenClaw agent. Back up openclaw.json first, prefer isolated browser profiles, restrict Google Sheets/browser credentials, edit the generated USER.md, and review any cron jobs before enabling them.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

66/66 vendors flagged this skill as clean.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI02: Tool Misuse and Exploitation
Medium
What this means

A mistaken, duplicate, or overly privileged agent can persist in the OpenClaw runtime until the config is manually repaired.

Why it was flagged

When invoked, the script directly rewrites the global OpenClaw configuration to add a new agent. This is purpose-aligned, but it is a high-impact runtime mutation without documented duplicate checks, rollback, or confirmation beyond running the command.

Skill content

jq --argjson newAgent "$NEW_AGENT" \
   '.agents.list += [$newAgent]' \
   "$CONFIG_FILE" > "$TEMP_FILE" && mv "$TEMP_FILE" "$CONFIG_FILE"

Recommendation

Back up openclaw.json before use, review each generated agent entry, and add confirmation, uniqueness checks, and rollback or uninstall instructions.

ASI03: Identity and Privilege Abuse
High
What this means

A created agent may act through existing browser sessions or modify spreadsheet data using the user's account context.

Why it was flagged

The skill tells users that every created agent can use the existing Chrome profile/tabs and read/write Google Sheets. That can reuse local browser sessions and third-party account authority, while the metadata declares no scoped credentials or permission boundaries.

Skill content

**Note:** `profile=openclaw` is for the isolated browser, `profile=chrome` is for existing Chrome tabs.

### 4. Google Sheets (gog)

- Sheets read/write

Recommendation

Prefer isolated browser profiles, use least-privilege Google credentials, and explicitly limit which agents can access browser or Sheets tools.

ASI06: Memory and Context Poisoning
Medium
What this means

New agents may believe the wrong person is the primary user and may build memory or behavior around that incorrect profile.

Why it was flagged

The script seeds every generated agent's persistent USER.md with a hard-coded personal name and a note area that the agent will fill over time. For other users, this creates persistent false user context.

Skill content

- **Name:** Tevfik Gülep
- **Notes:** _The agent will fill in this area over time_

Recommendation

Remove the hard-coded name, prompt for the installer's user profile, or leave USER.md blank until the user explicitly fills it.

ASI07: Insecure Inter-Agent Communication
Low
What this means

Sensitive instructions or data could be passed between agents or messaging channels more broadly than the user expects.

Why it was flagged

The skill supports messaging and task delegation across agents and through Telegram-style commands. This is central to the purpose, but the artifacts do not describe origin checks, per-agent authorization, or data-sharing boundaries.

Skill content

`angarya: <mesaj>` - Direct message to the agent
- `/pm angarya <mesaj>` - Same function

"Have Angarya do this: ..." → Invokes the agent

Recommendation

Define which agents may receive sensitive tasks, avoid sending secrets through delegated messages, and require explicit approval for cross-agent actions.

ASI10: Rogue Agents
Low
What this means

If cron jobs are added, agent-created tasks could run repeatedly or in the background.

Why it was flagged

Cron support is disclosed and the included script only creates templates, not scheduled jobs. Still, cron is a persistence mechanism that could keep agent tasks running outside the immediate conversation if enabled later.

Skill content

### 5. Cron Jobs

- Each agent can create its own cron job
- The cron/ folder is created automatically

Recommendation

Do not enable generated cron jobs unless you have reviewed their code, owner, schedule, and expected outputs.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

The script may fail or behave unexpectedly on systems without jq installed.

Why it was flagged

The script depends on jq, but the registry requirements list no required binaries. This is an under-declared local dependency rather than evidence of malicious behavior.

Skill content

NEW_AGENT=$(jq -n \
...
jq --argjson newAgent "$NEW_AGENT"

Recommendation

Declare jq as a required binary and document setup prerequisites.