Build Custom Linux ISO's and Deployments
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill is consistent with its stated purpose of managing OpenFactory ISO builds and VMs, but users should be aware that it can use account tokens, deploy code from Git, and create or delete cloud VM resources.
Install this only if you intend to use OpenFactory to build and manage ISOs or VMs. Confirm destructive actions before they run, use trusted Git repositories, replace placeholder passwords such as `changeme`, avoid putting unrelated secrets in recipes, and protect API keys, session tokens, console URLs, and ISO download links.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used incorrectly, the agent could stop or delete a VM and its disk in the OpenFactory environment.
The skill exposes destructive VM operations. They are aligned with the VM-management purpose, but a mistaken or overly autonomous tool call could delete cloud resources.
`delete_vm(vm_name)` | Delete a VM and its disk. ... `stop_vm(vm_name, force?)` | Stop a VM. `force=true` for immediate power-off.
Require clear user confirmation before destructive VM actions and verify VM names/build IDs before invoking them.
Anyone, or any agent flow, holding the token could act within the associated OpenFactory session or account scope.
The skill uses OpenFactory API keys or session tokens for account continuity. This is expected for the service, but it is sensitive delegated access.
Authentication (pick one): API Key ... Pass as `api_key` parameter on every tool call, or as `Authorization: Bearer of_mcp_<key>` HTTP header. ... Session Token ... Pass it to all subsequent calls
Use least-privilege API keys where available, avoid sharing tokens in prompts or logs, and revoke keys that are no longer needed.
Deploying an untrusted repository could place unwanted or vulnerable code into the generated ISO or VM environment.
The skill can build an ISO that runs code from a Git repository as a service. This is central to the deployment purpose, but repository choice is security-relevant.
`deploy_from_git(repo_url, base_image?, branch?)` | Build an ISO that auto-deploys a git repo as a service.
Deploy only trusted repositories and review branch/source selection before building images.
Information sent in recipes or tool calls is processed by the OpenFactory service rather than staying entirely local.
The skill routes tool calls through a remote MCP endpoint. This is disclosed and purpose-aligned, but it creates an external data boundary for recipes, repo URLs, build details, and tokens.
OpenFactory exposes an MCP (Model Context Protocol) server over SSE. Endpoint: `https://build.openfactory.tech/api/mcp/sse`
Avoid including unnecessary secrets in recipes, and treat returned console/download URLs as sensitive.
