← Back to Skills Marketplace
z-team-alpha

Overnight Factory

by Alpha Zenith · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
222
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install overnight-factory
Description
Set up an AI agent as an Overnight Software Factory operator. Use when configuring an OpenClaw agent to autonomously handle support tickets end-to-end: recei...
Usage Guidance
This skill appears to implement the ticket→PR automation it advertises, but exercise caution before installing. Key concerns: - The skill metadata lists no required env vars, but the instructions require GITHUB_TOKEN, EMAIL_USER, and EMAIL_PASSWORD — confirm what secrets you must provide. - The SKILL.md tells you to store your GitHub token in ~/.git-credentials and set global git user/email. That persists a token in plaintext and affects all git activity on the machine; prefer a least-privilege approach (repo-scoped deploy keys or fine-scoped personal access tokens) and avoid writing tokens to global files. - It instructs running Claude Code with --dangerously-skip-permissions, which disables local permission checks. Avoid this or understand exactly what permissions are being bypassed. - The cron + subagent design gives the skill ongoing autonomous power to clone repos, commit, push, and open PRs. Test everything in a limited/staging environment and use a bot account with minimal scopes (only the repos and actions it truly needs). Rotate tokens regularly and monitor audit logs. - Before going live, verify exactly which files the skill will write (memory/, workspace/, ~/.git-credentials) and consider isolating the agent on a dedicated account or container. If you want to proceed: create a constrained bot account with minimal scopes, avoid storing tokens in global git files, don't use --dangerously-skip-permissions, and run the cron in a controlled/staging environment first.
Capability Analysis
Type: OpenClaw Skill Name: overnight-factory Version: 1.0.0 The skill bundle configures an autonomous 'Software Factory' with high-risk capabilities, including the use of the `--dangerously-skip-permissions` flag for Claude Code and the storage of sensitive credentials (GitHub tokens and email passwords) in plain text via `.env` and `~/.git-credentials`. While these actions are aligned with the stated goal of autonomous ticket handling, the instructions in SKILL.md and references/ticket-pipeline.md create a significant security risk by bypassing execution safeguards and exposing secrets in the filesystem and git configurations. No clear evidence of intentional data exfiltration or malicious intent was found, but the configuration is inherently insecure.
Capability Assessment
Purpose & Capability
The instructions legitimately need GitHub and email access for the ticket-to-PR flow, but the registry metadata declares no required env vars or credentials while the SKILL.md explicitly instructs creating .env with GITHUB_TOKEN, EMAIL_USER, and EMAIL_PASSWORD and persisting the token to ~/.git-credentials. This mismatch between declared requirements and actual instructions is a material incoherence.
Instruction Scope
Runtime instructions perform wide-reaching actions: logging into IMAP (with plaintext password), cloning repos and pushing branches using an embedded token, writing to memory/ and workspace files, and configuring global git credentials. They also call out running Claude with --dangerously-skip-permissions and spawning autonomous subagents. These steps go beyond a narrow helper script and include altering user environment and bypassing agent permission checks.
Install Mechanism
This is instruction-only with no install spec or downloaded code, so there is no installer risk from external archives or package downloads.
Credentials
The skill asks the operator to create and store high-privilege secrets (GITHUB_TOKEN, EMAIL_PASSWORD) and to embed the GitHub token in ~/.git-credentials (global, plaintext). Although the token+email creds are necessary for the described functionality, requiring global credential storage and not declaring these envs in the skill metadata is disproportionate and increases blast radius. The SKILL.md also expects access to a Claude binary with an option that skips permissions checks, which elevates risk.
Persistence & Privilege
The skill's workflow creates a cron job that autonomously runs every 15 minutes and spawns subagents to act (open PRs, push commits). While always:false (no forced inclusion), the instructions intentionally establish ongoing autonomous behavior and modify global git config (~/.git-credentials), which changes system-wide user state — this combination increases persistent privilege and potential for unintended side effects.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install overnight-factory
  3. After installation, invoke the skill by name or use /overnight-factory
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of the Overnight Factory skill. - Enables autonomous handling of support tickets from email or GitHub assignment to PR creation. - Provides clear architecture for agent operation, including cron-based ticket polling and subagent ticket processing. - Includes setup steps for credentials, environment, and cron scheduling. - Details critical operational rules and error handling. - Contains validation checklist and debugging guide. - Reference files document full prompt templates and lessons learned.
Metadata
Slug overnight-factory
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Overnight Factory?

Set up an AI agent as an Overnight Software Factory operator. Use when configuring an OpenClaw agent to autonomously handle support tickets end-to-end: recei... It is an AI Agent Skill for Claude Code / OpenClaw, with 222 downloads so far.

How do I install Overnight Factory?

Run "/install overnight-factory" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Overnight Factory free?

Yes, Overnight Factory is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Overnight Factory support?

Overnight Factory is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Overnight Factory?

It is built and maintained by Alpha Zenith (@z-team-alpha); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463942 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259883 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200739 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191401 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190375 · by oswalpalash

💬 Comments