Security scan
OpenClaw
Suspicious
Medium confidence. The skill is an instruction-only wrapper around an external 'droid' CLI that references API keys, plugins, and MCP servers but fails to declare or justify the credentials and system access it will need, creating a mismatch between its claims and the actual operational surface.
Assessment recommendations
This skill is basically an instruction sheet for a separate 'droid' CLI — it does not include or declare that CLI or the credentials it references. Before installing or using it: 1) Verify the provenance of the 'droid' CLI and inspect its binary/source — do not run it until you trust it. 2) Do not provide FACTORY_API_KEY or deploy credentials until the author explains what servers the CLI talks to and how data is handled. 3) Avoid adding MCP servers or plugins from unknown sources; those can for...
⚠ Purpose and capability
The SKILL.md describes using a third‑party 'droid' CLI to perform code changes, commits, PRs, and deployments. The top-level registry metadata lists no required binaries or env vars, but the SKILL.md metadata and examples require the 'droid' binary and mention FACTORY_API_KEY and deployment targets (fly.io). That mismatch (undeclared binary/env requirements and a missing description) is unexplained and disproportionate to an instruction-only wrapper.
⚠ Instruction scope
Runtime instructions tell the agent to run 'droid' commands that operate on the codebase (multi-file edits, commit/PR generation, deploy) and to add MCP servers and plugins. The skill text does not constrain where data is sent or how sessions are stored; adding MCP servers or plugins could direct code and secrets to arbitrary external servers. The SKILL.md also contains a hard-coded local install path (/Users/mitchellbernstein/...), suggesting leftover local artifacts rather than a vetted, general instruction set.
✓ Install mechanism
There is no install spec and no code files — the skill is instruction-only, so it does not write files or pull arbitrary archives. This is lower-risk from an installation perspective. Note: the README's claim that 'droid' is already installed at a specific user path is a suspicious local artifact but not an install mechanism.
⚠ Credential requirements
The instructions explicitly reference FACTORY_API_KEY and a 'droid login' flow and imply other credentials may be required for deploy targets (e.g., fly.io), but the registry metadata declares no required environment variables or primary credential. Requesting API keys and enabling deployment without declaring or justifying those secrets is disproportionate and unexplained.
ℹ Persistence and privileges
The skill does not request always:true and does not declare config path access. However, the ability it exposes to add MCP servers and plugins (via the 'droid' tool) could expand system reach or persistence outside the agent, depending on how the droid CLI manages plugins/servers. This is a capability-level risk rather than an explicit metadata claim by the skill.
Security is layered; review the code before running it.
Runtime dependencies
No special dependencies
Version
latest v1.0.0 2026/1/25
Initial release of Factory AI skill for software engineering automation.
- Provides droid CLI for building, debugging, refactoring, and deploying code.
- Supports both interactive and exec (non-interactive) command modes.
- Includes features for MCP server management and plugin extensibility.
- Enables authentication via CLI login or API key environment variable.
- Offers flexible model selection and session-based memory for context.
- Includes command examples for feature development, debugging, code review, and deployment.
● Suspicious
Install command
Official: npx clawhub@latest install factory-ai
Mirror: npx clawhub@latest install factory-ai --registry https://cn.clawhub-mirror.com
Data source: ClawHub · Chinese localization: 龙虾技能库