← Back to Skills Marketplace
659
Downloads
0
Stars
0
Active Installs
3
Versions
Install in OpenClaw
/install solo-factory
Description
Install the full Solo Factory toolkit — 23 startup skills + solograph MCP server for code intelligence, KB search, and web search. Use when user says "instal...
Usage Guidance
This skill appears to do what it says, but it uses risky install patterns (npx, GitHub plugin installs, and a curl | sh installer) and will modify agent/server configuration to auto-start services. Before installing: 1) Inspect the referenced GitHub repo (https://github.com/fortunto2/solo-factory and solograph) and review release artifacts and install scripts; 2) Avoid piping remote scripts to sh — download, inspect, and verify signatures/checksums first; 3) Prefer cloning the repo and running installs in a disposable VM/container or sandbox; 4) Expect interactive logins or elevated permissions for clawhub/claude/mcporter and verify what accounts will be used; 5) Backup any .mcp.json or agent config files before applying changes; 6) If you cannot audit the code, treat automatic installs and auto-starting MCP services as high risk and do not run them on production machines.
Capability Analysis
Type: OpenClaw Skill
Name: solo-factory
Version: 1.1.1
The skill is classified as suspicious primarily due to the use of `curl -LsSf https://astral.sh/uv/install.sh | sh` in `SKILL.md` for installing the `uvx` dependency. This pattern, while common for installing legitimate tools, represents a significant remote code execution (RCE) vulnerability and supply chain risk, as it executes arbitrary code downloaded from a remote server without prior inspection. Although the stated intent is to install a legitimate tool, this method introduces a high-risk capability that could be exploited if the remote server or script were compromised, or if the author had malicious intent not immediately apparent. The `allowed-tools` also grant broad `Bash, Read, Write` permissions, which are necessary for an installer but amplify the risk of such commands.
Capability Assessment
Purpose & Capability
The name/description claim a one-command installer for a 23-skill toolkit plus optional solograph MCP; the SKILL.md contains concrete commands (npx, clawhub, claude plugin, mcporter/.mcp.json edits, uvx solograph) that implement that purpose. No unrelated credentials or bizarre side effects are requested in the instructions.
Instruction Scope
Instructions tell the agent to run remote installers, install plugins across multiple agent platforms, and modify agent MCP configuration (.mcp.json, mcporter). They do not ask to read unrelated host files or environment variables, but they do instruct actions that give the installed components broad, persistent capabilities (auto-starting MCP, adding hooks).
Install Mechanism
There is no formal install spec in the registry, but the runtime instructions direct use of npx (executes remote packages), claude plugin installs from a GitHub URL, and explicitly suggest a curl -LsSf https://astral.sh/uv/install.sh | sh command — downloading and piping a script to sh is high risk. The instructions do not provide pinned releases, checksums, or verification steps.
Credentials
The skill declares no required environment variables or secrets, which is consistent. However some of the suggested flows (clawhub install, claude plugin install, mcporter config) may require account credentials or elevated access at runtime even though they are not declared — the documentation does not warn about or justify these implicit auth/permission requirements.
Persistence & Privilege
The installer configures long-running components (solograph MCP), suggests MCP auto-start and adding hooks/plugins across agents, and edits agent configuration (mcporter/.mcp.json). While plausible for a toolkit installer, these are persistent, cross-agent changes that increase the blast radius if the installed code is malicious or buggy.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install solo-factory - After installation, invoke the skill by name or use
/solo-factory - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.1.1
Universalize: remove project-specific references, add SearXNG recommendation
v1.1.0
3 install methods: npx skills, clawhub, Claude Code plugin
v1.0.0
Meta-skill: one-command setup for all 23 solo skills + solograph MCP
Metadata
Frequently Asked Questions
What is Factory?
Install the full Solo Factory toolkit — 23 startup skills + solograph MCP server for code intelligence, KB search, and web search. Use when user says "instal... It is an AI Agent Skill for Claude Code / OpenClaw, with 659 downloads so far.
How do I install Factory?
Run "/install solo-factory" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Factory free?
Yes, Factory is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Factory support?
Factory is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Factory?
It is built and maintained by Rust (@fortunto2); the current version is v1.1.1.
More Skills