Overnight Factory
Security checks across malware telemetry and agentic risk
Overview
This skill openly sets up a persistent autonomous coding bot with email and GitHub credentials, disabled Claude Code permission checks, and authority to modify repositories and open PRs, so it needs careful review before use.
Install only if you want a dedicated autonomous support-to-PR bot and can isolate it. Use a separate bot GitHub account, least-privilege credentials, a dedicated inbox, sandboxed execution, repo/issue allowlists, monitoring, and an easy way to disable the cron job.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The bot could mark support messages as read, post public issue comments, push branches, and open PRs automatically based on incoming tickets.
The default workflow gives the agent automated authority over email state and GitHub/codebase mutations without a required human checkpoint for each ticket.
Fetch all UNSEEN emails. Mark them all read immediately... Spawn ONE subagent... Create branch, implement fix..., push, open PR
Use a dedicated support inbox and bot account, add repo and issue allowlists, require approval before posting/pushing, and test in dry-run mode before enabling live automation.
If the workspace or host is compromised, the GitHub token and email password could be reused to access or mutate the user's accounts.
The skill asks for account credentials and stores the GitHub token in the global git credential store, with no clear token-scope, lifetime, or storage-hardening guidance.
GITHUB_TOKEN=ghp_... EMAIL_USER=support@yourdomain.com EMAIL_PASSWORD=... echo "https://bot-username:${GITHUB_TOKEN}@github.com" > ~/.git-credentials git config --global credential.helper store
Use a dedicated low-privilege bot account, fine-grained short-lived GitHub credentials or a GitHub App, an email app password/OAuth where possible, and avoid plaintext/global credential storage.
A subagent processing an issue or repository content could execute broader local commands than expected while holding workspace credentials.
The skill recommends running an autonomous coding agent through shell execution with Claude Code permission checks disabled.
Spawn a subagent (`runtime: "subagent"`) that runs `claude -p --dangerously-skip-permissions --output-format text "..."` via exec
Do not use `--dangerously-skip-permissions` in production unless the agent is strongly sandboxed; run in a container or restricted worktree, mount only needed secrets, and add command/tool approval gates.
The agent can keep checking for work and spawning new coding tasks until the cron is removed or disabled.
The intended design is persistent autonomous operation with background subagents, not a one-time interactive task.
Cron job (every 15min, isolated session)... Dispatch: spawn subagent per ticket
Set explicit stop conditions, concurrency limits, monitoring, and an emergency disable procedure; review the cron schedule and spawned sessions regularly.
Local memory files may contain customer or ticket metadata and can affect whether future tickets are skipped or reprocessed.
The skill stores support-ticket metadata in persistent local memory and uses that state to decide whether future tickets have already been handled.
Update `memory/support-tickets.json`... "email_from": "user@example.com", "issue_url": "https://github.com/org/repo/issues/2", "pr_url": "https://github.com/org/repo/pull/3"
Store the minimum necessary ticket data, protect the memory directory, validate entries before trusting them, and define retention/cleanup rules.
