← Back to Skills Marketplace
379
Downloads
0
Stars
2
Active Installs
2
Versions
Install in OpenClaw
/install dev-factory
Description
Automates software development by discovering ideas from GitHub, CVEs, and news, generating code with ChatDev 2.0 agents, testing, self-correcting, and publi...
README (SKILL.md)
Builder Agent
개요
보안 도구와 DevOps 유틸리티를 자동으로 생성하는 개발 에이전트입니다. ChatDev 2.0의 7개 에이전트가 협업하여 요구사항 분석부터 배포까지 전 과정을 자동화합니다.
자가 수정 루프: 에러 발생 시 자동으로 수정 후 재시도 (최대 3회)
워크플로우
아이디어 발굴 (GitHub Trending, CVE, Security News)
↓
Notion 큐 등록 (아이디어 데이터베이스)
↓
ChatDev 2.0 개발 (7개 에이전트 협업)
├─ CEO: 요구사항 분석
├─ CPO: 제품 기획
├─ CTO: 아키텍처 설계
├─ Programmer: 코드 생성
├─ Reviewer: 코드 리뷰
├─ Tester: 테스트 생성
└─ CTO Final: 최종 검증
↓
자동 테스트 실행
↓
에러 발생? → 수정 → 재시도 (최대 3회)
↓
GitHub 저장소 생성 및 배포
주요 기능
1. 아이디어 발굴 (Discovery)
- GitHub Trending: 인기 프로젝트 분석
- CVE 데이터베이스: 최신 취약점 기반 도구
- Security News: 보안 뉴스 기반 유틸리티
- Notion 큐: 아이디어 자동 등록
2. ChatDev 2.0 개발 (Development)
7개 에이전트 협업:
| 에이전트 | 역할 | 담당 업무 |
|---|---|---|
| CEO | 최고경영자 | 요구사항 분석, 방향성 결정 |
| CPO | 최고제품책임자 | 제품 기획, 기능 정의 |
| CTO | 최고기술책임자 | 아키텍처 설계, 기술 스택 결정 |
| Programmer | 개발자 | 코드 생성, 구현 |
| Reviewer | 리뷰어 | 코드 리뷰, 품질 검증 |
| Tester | 테스터 | 테스트 코드 작성, 실행 |
| CTO Final | 최종검토자 | 최종 검증, 배포 승인 |
3. 자가 수정 루프 (Self-Correction)
테스트 실행
↓
에러 발견
↓
에러 분석 → 수정 방안 도출
↓
코드 수정
↓
재테스트
↓
성공? → 배포 / 실패? → 재시도 (최대 3회)
4. GitHub 자동 배포 (Publishing)
- 저장소 생성: 자동으로 GitHub 저장소 생성
- 코드 업로드: 완성된 코드 자동 푸시
- README 생성: 자동 문서화
- 릴리즈 생성: v1.0.0 자동 릴리즈
설치 방법
1. 저장소 클론
git clone --recursive https://github.com/rebugui/OpenClaw.git
cd OpenClaw/submodules/builder-agent
2. ChatDev 2.0 설정
cd ../chatdev-v2
python -m venv venv
source venv/bin/activate # Windows: venv\Scripts\activate
pip install -r requirements.txt
3. 의존성 설치
cd ../builder-agent
pip install -r requirements.txt
4. 환경 변수 설정
cp .env.example .env
.env 파일 수정:
# GLM API (Zhipu AI)
GLM_API_KEY=your_glm_api_key
GLM_BASE_URL=https://api.z.ai/api/coding/paas/v4
# GitHub
GITHUB_TOKEN=your_github_token
GITHUB_USERNAME=your_username
# Notion
NOTION_API_KEY=your_notion_api_key
NOTION_DATABASE_ID=your_database_id
# ChatDev
CHATDEV_URL=http://localhost:6400
5. ChatDev 서버 시작
cd ../chatdev-v2
python server_main.py --port 6400
# API: http://localhost:6400
사용법
수동 실행
1. 아이디어 발굴
python main.py discovery
2. 개발 실행
# Notion 큐에서 아이디어 가져와서 개발
python main.py develop
# 특정 프로젝트 개발
python main.py develop --project "cve-scanner"
3. 큐 모니터링
python queue_monitor.py
스케줄러 등록
OpenClaw 스케줄러에 등록하여 자동 실행:
# config.yaml
jobs:
# 아이디어 발굴 (매일 08:00, 20:00)
- id: "builder_discovery"
name: "Builder Discovery - 매일 오전 8시/오후 8시 아이디어 발굴"
enabled: true
module: "submodules.builder-agent.main"
class: "BuilderAgentV3"
method: "run_discovery"
trigger:
type: "cron"
day_of_week: "mon-sun"
hour: "8,20"
minute: 0
# 개발 큐 처리 (6시간마다)
- id: "builder_queue_processor"
name: "Builder Queue Processor - 6시간마다 개발/개선 큐 처리"
enabled: true
module: "submodules.builder-agent.main"
class: "BuilderAgentV3"
method: "run_development_from_notion"
trigger:
type: "interval"
hours: 6
# 큐 모니터링 (6시간마다)
- id: "builder_queue_monitor"
name: "Builder Queue Monitor - 6시간마다 큐 상태 체크 및 알림"
enabled: true
module: "modules.builder.queue_monitor"
function: "main"
trigger:
type: "interval"
hours: 6
설정 파일
config.yaml
discovery:
sources:
- github_trending
- cve_database
- security_news
max_ideas: 5
keywords:
- vulnerability
- scanner
- automation
development:
max_retries: 3
test_timeout: 300
output_dir: "./projects"
chatdev:
url: "http://localhost:6400"
model: "glm-5"
timeout: 1800
github:
auto_publish: true
private: false
license: "MIT"
파일 구조
builder-agent/
├── main.py # 메인 실행 파일
├── config.yaml # 설정 파일
├── .env.example # 환경 변수 예시
├── requirements.txt # 의존성
│
├── discoverer/ # 아이디어 발굴
│ ├── github_trending.py
│ ├── cve_analyzer.py
│ └── news_monitor.py
│
├── orchestrator/ # 개발 오케스트레이션
│ ├── chatdev_client.py
│ ├── test_runner.py
│ └── github_publisher.py
│
├── improvement/ # 개선 시스템
│ └── improvement_pipeline.py
│
├── models/ # 데이터 모델
│ └── project.py
│
└── logs/ # 로그
└── builder.log
Notion 데이터베이스 설정
아이디어 데이터베이스
Title(제목)Status(선택: Idea, Developing, Testing, Completed, Failed)Priority(선택: High, Medium, Low)Source(선택: GitHub, CVE, News)Created(생성일)Repository(URL)
예시 프로젝트
생성된 프로젝트들
- secure_app - 보안 설정 자동화 도구
- cve-scanner-v2 - CVE 취약점 스캐너
- file-integrity-monitor - 파일 무결성 모니터링
프로젝트 구조
cve-scanner-v2/
├── README.md
├── requirements.txt
├── setup.py
├── src/
│ ├── __init__.py
│ ├── main.py
│ └── utils.py
└── tests/
├── __init__.py
└── test_main.py
성공/실패 기록
성공한 프로젝트 (2026-02-22 ~ 2026-02-23)
- secure_app ✅ (2026-02-22 18:08)
- cve-scanner-v2 ✅ (2026-02-23 12:17)
- cve-scanner-v6 ✅ (2026-02-23 13:41)
- cve-scanner-v7 ✅ (2026-02-23 13:46)
- cve-scanner-v8 ✅ (2026-02-23 14:10)
실패한 프로젝트
- file-integrity-monitor ❌ - 테스트 실패
- cve-scanner-v3 ❌ - 테스트 실패
- cve-scanner-v5 ❌ - 테스트 실패
공통 문제: 테스트 코드가 구현 로직과 일치하지 않음 → 프롬프트 개선 필요
문제 해결
ChatDev 연결 실패
# ChatDev 서버 상태 확인
curl http://localhost:6400/health
# 서버 재시작
cd ../chatdev-v2
python server_main.py --port 6400
테스트 실패
# 로그 확인
tail -f logs/builder.log
# 수동 테스트 실행
cd projects/cve-scanner-v2
pytest tests/
GitHub 배포 실패
# Git 권한 확인
ssh -T [email protected]
# 토큰 권한 확인
curl -H "Authorization: token {GITHUB_TOKEN}" https://api.github.com/user
의존성
- Python 3.11+
- ChatDev 2.0
- GLM-5 API
- GitHub Personal Access Token
- Notion API
라이선스
MIT License
참고
- 저장소: https://github.com/rebugui/builder-agent
- ChatDev 2.0: https://github.com/OpenBMB/ChatDev
- 메인 저장소: https://github.com/rebugui/OpenClaw
Usage Guidance
This skill bundles a large Python codebase and runtime instructions that: (1) ask you to create/copy a .env with API keys (GitHub, Notion, GLM), (2) clone and run external services (ChatDev/chatdev-v2) from an external GitHub repo, (3) run subprocesses and can auto-modify and push code to GitHub, and (4) schedule recurring jobs. Before installing or running it: - Do not provide high-privilege tokens. Instead create minimally-scoped machine/service tokens (GitHub machine user with only repo/create/push scopes needed) and a Notion token limited to a single database. - Inspect the code locally (especially builder/correction/fixer.py, integration/github_publisher.py, ACP_TEST_PLAN.md) to confirm what will be executed and what is published. - Avoid running 'git clone' or starting services from untrusted external repositories; prefer to inspect/verify that external repo first. - Run the skill in an isolated environment (VM or container) without access to sensitive networks or credentials until you are confident. - If you expect more assurance, ask the publisher for a homepage, source provenance, or a reproducible package release (not an arbitrary git clone) and request the registry metadata be updated to list the required environment variables. Installing without these precautions could expose your tokens, allow code to be pushed publicly, or enable automated production runs that you didn't intend.
Capability Analysis
Type: OpenClaw Skill
Name: dev-factory
Version: 1.1.0
The bundle implements an autonomous development agent with high-risk capabilities, most notably arbitrary shell command execution using 'shell=True' in builder/symphony/workspace.py and builder/symphony/glm5_agent.py. It constructs these commands based on outputs from external LLMs (GLM-5 and Claude) without apparent sanitization, creating a significant risk for Remote Code Execution (RCE) via prompt injection. While these features are aligned with the stated goal of automated software development, the broad filesystem access, automated GitHub repository management, and Notion integration using sensitive user tokens represent a high-risk attack surface.
Capability Assessment
Purpose & Capability
The SKILL.md and included source implement discovery (GitHub, NVD, news), auto-building, self-correction, and GitHub/Notion integration — which matches the description — but the registry metadata declares no required environment variables or credentials while the SKILL.md requires GLM_API_KEY, GITHUB_TOKEN, NOTION_API_KEY, NOTION_DATABASE_ID and other values. That mismatch (declared none vs. instructions requiring secrets) is an incoherence and risk signal.
Instruction Scope
Runtime instructions tell the agent/user to clone an external GitHub repo, run a local ChatDev server, copy a .env with secrets, run discovery/build scripts, and schedule cron jobs. The bundle's files show use of subprocess/CLI calls, sessions_spawn-like execution, automatic code modification (fixer logic), and automatic GitHub publishing — actions that read/write files, execute local commands, and send data to third-party endpoints beyond a single API. These steps go beyond a small helper and grant broad discretion to modify and publish code.
Install Mechanism
There is no official install spec in the registry, but SKILL.md instructs git cloning https://github.com/rebugui/OpenClaw.git and starting local services (chatdev-v2). Cloning an external repository at install/run time is a high-risk download path because it pulls code from an external source not validated by the registry. The skill package itself contains many code files (not instruction-only), increasing the attack surface.
Credentials
The SKILL.md requests multiple credentials (GLM API key, GLM_BASE_URL, GITHUB_TOKEN, GITHUB_USERNAME, NOTION_API_KEY, NOTION_DATABASE_ID, CHATDEV_URL). Those are individually reasonable for the claimed integrations, but the registry lists none — this divergence is unexpected. The skill also references other engine tokens (Claude/Codex) in docs and supports spawning external agents, so the actual credential needs may be broader than documented.
Persistence & Privilege
always:false (good). However the skill includes cron config examples and scripts to register periodic discovery/build jobs and to auto-publish to GitHub, and its code can run subprocesses and spawn other agents (sessions_spawn). Autonomous invocation combined with the ability to modify/push code and use multiple credentials increases blast radius — not problematic by itself, but important for user caution.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install dev-factory - After installation, invoke the skill by name or use
/dev-factory - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.1.0
Version 1.1.0 – Major enhancement release.
- Added new Symphony engine with orchestration, state management, concurrency, and enhanced Notion tracking.
- Introduced comprehensive test suite (unit and integration tests) under a new tests/ directory.
- Added new utilities for spec validation, template management, and build checkpoints.
- Updated core builder pipeline and orchestrator logic for improved modularity and error handling.
- Expanded documentation with QUICK_START.md, WORKFLOW.md, and ENHANCEMENT_REPORT.md.
- Refined and updated configuration files, including environment, requirements, and scheduler examples.
v1.0.0
Initial release
Metadata
Frequently Asked Questions
What is Dev Factory?
Automates software development by discovering ideas from GitHub, CVEs, and news, generating code with ChatDev 2.0 agents, testing, self-correcting, and publi... It is an AI Agent Skill for Claude Code / OpenClaw, with 379 downloads so far.
How do I install Dev Factory?
Run "/install dev-factory" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Dev Factory free?
Yes, Dev Factory is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Dev Factory support?
Dev Factory is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Dev Factory?
It is built and maintained by rebugui (@rebugui); the current version is v1.1.0.
More Skills