Agent Factory
WarnAudited by ClawScan on May 10, 2026.
Overview
This skill is not clearly malicious, but it creates persistent new agents that inherit broad tools, existing profiles, and account-level access without clear limits.
Install only if you intentionally want a persistent multi-agent system. Before using it, back up your OpenClaw config, review generated USER.md and memory files, restrict inherited tools and credentials, prefer isolated browser profiles, and require confirmation for spreadsheet writes, browser actions, cron jobs, and delegated inter-agent tasks.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A newly created agent may be able to control browser sessions, change spreadsheets, and set up scheduled work if those platform tools are available.
The skill grants every created agent broad automation and write capabilities rather than a clearly scoped, minimal tool set.
Yeni oluşturulan her ajan aşağıdaki yeteneklere sahiptir ... Browser (Chromium) ... Google Sheets (gog) - Sheets okuma/yazma ... Cron Jobs - Her ajan kendi cron job'unu oluşturabilir
Only install if you want all created agents to inherit these tools. Add per-agent permissions and require explicit user confirmation for browser actions, spreadsheet writes, and cron setup.
New agents could act through the user's existing browser or connected service accounts, including reading or changing account data.
The skill tells agents to use existing API keys, Chrome tabs/profile state, and Google Sheets access without documenting credential scope or per-agent boundaries.
API Key: Gateway config'de tanımlı ... `profile=chrome` mevcut Chrome sekmeleri için ... Google Sheets (gog) - Sheets okuma/yazma
Use isolated browser profiles and least-privilege service credentials. Do not allow newly created agents to inherit Chrome, Gateway, or Google account access unless explicitly approved.
Created agents remain available after the task and may keep their memory, sessions, and inherited capabilities until the user manually cleans them up.
The script creates persistent agent directories and mutates the central OpenClaw configuration to register the new agent.
WORKSPACE_DIR="/home/ubuntu/.openclaw/agents/${AGENT_ID}" ... mkdir -p "$WORKSPACE_DIR/memory" ... '.agents.list += [$newAgent]' ... mv "$TEMP_FILE" "$CONFIG_FILE"Back up openclaw.json before use, require confirmation before adding agents, check for duplicates, and provide a clear uninstall or rollback path for generated agents.
Agents created by this skill may think the user is someone else and may preserve incorrect or sensitive notes across future sessions.
The generated persistent user context is seeded with a hardcoded person's name and is designed to be filled over time, which can mislead or poison future agent sessions.
cat > "$WORKSPACE_DIR/USER.md" << EOF ... - **Name:** Tevfik Gülep ... - **Notlar:** _Ajan bu alanı zamanla dolduracak_
Remove hardcoded personal identity data, initialize USER.md from the actual user's explicit input, and document retention and editing controls for generated memory files.
Messages or tasks could be passed between agents with unclear authority, potentially causing unintended tool use or data exposure across agents.
The skill defines task routing between agents and messaging channels but does not specify origin checks, permission boundaries, or data-sharing limits.
Telegram'da: `angarya: <mesaj>` ... `/pm angarya <mesaj>` ... Sub-agent olarak: "Angarya'ya şunu yaptır: ..."
Define which users and agents may send tasks, require approval for sensitive delegated actions, and log or label inter-agent messages with clear origin and permissions.