← 返回 Skills 市场
fortunto2

Factory

作者 Rust · GitHub ↗ · v1.1.1
cross-platform ⚠ suspicious
659
总下载
0
收藏
0
当前安装
3
版本数
在 OpenClaw 中安装
/install solo-factory
功能描述
Install the full Solo Factory toolkit — 23 startup skills + solograph MCP server for code intelligence, KB search, and web search. Use when user says "instal...
安全使用建议
This skill appears to do what it says, but it uses risky install patterns (npx, GitHub plugin installs, and a curl | sh installer) and will modify agent/server configuration to auto-start services. Before installing: 1) Inspect the referenced GitHub repo (https://github.com/fortunto2/solo-factory and solograph) and review release artifacts and install scripts; 2) Avoid piping remote scripts to sh — download, inspect, and verify signatures/checksums first; 3) Prefer cloning the repo and running installs in a disposable VM/container or sandbox; 4) Expect interactive logins or elevated permissions for clawhub/claude/mcporter and verify what accounts will be used; 5) Backup any .mcp.json or agent config files before applying changes; 6) If you cannot audit the code, treat automatic installs and auto-starting MCP services as high risk and do not run them on production machines.
功能分析
Type: OpenClaw Skill Name: solo-factory Version: 1.1.1 The skill is classified as suspicious primarily due to the use of `curl -LsSf https://astral.sh/uv/install.sh | sh` in `SKILL.md` for installing the `uvx` dependency. This pattern, while common for installing legitimate tools, represents a significant remote code execution (RCE) vulnerability and supply chain risk, as it executes arbitrary code downloaded from a remote server without prior inspection. Although the stated intent is to install a legitimate tool, this method introduces a high-risk capability that could be exploited if the remote server or script were compromised, or if the author had malicious intent not immediately apparent. The `allowed-tools` also grant broad `Bash, Read, Write` permissions, which are necessary for an installer but amplify the risk of such commands.
能力评估
Purpose & Capability
The name/description claim a one-command installer for a 23-skill toolkit plus optional solograph MCP; the SKILL.md contains concrete commands (npx, clawhub, claude plugin, mcporter/.mcp.json edits, uvx solograph) that implement that purpose. No unrelated credentials or bizarre side effects are requested in the instructions.
Instruction Scope
Instructions tell the agent to run remote installers, install plugins across multiple agent platforms, and modify agent MCP configuration (.mcp.json, mcporter). They do not ask to read unrelated host files or environment variables, but they do instruct actions that give the installed components broad, persistent capabilities (auto-starting MCP, adding hooks).
Install Mechanism
There is no formal install spec in the registry, but the runtime instructions direct use of npx (executes remote packages), claude plugin installs from a GitHub URL, and explicitly suggest a curl -LsSf https://astral.sh/uv/install.sh | sh command — downloading and piping a script to sh is high risk. The instructions do not provide pinned releases, checksums, or verification steps.
Credentials
The skill declares no required environment variables or secrets, which is consistent. However some of the suggested flows (clawhub install, claude plugin install, mcporter config) may require account credentials or elevated access at runtime even though they are not declared — the documentation does not warn about or justify these implicit auth/permission requirements.
Persistence & Privilege
The installer configures long-running components (solograph MCP), suggests MCP auto-start and adding hooks/plugins across agents, and edits agent configuration (mcporter/.mcp.json). While plausible for a toolkit installer, these are persistent, cross-agent changes that increase the blast radius if the installed code is malicious or buggy.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install solo-factory
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /solo-factory 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.1.1
Universalize: remove project-specific references, add SearXNG recommendation
v1.1.0
3 install methods: npx skills, clawhub, Claude Code plugin
v1.0.0
Meta-skill: one-command setup for all 23 solo skills + solograph MCP
元数据
Slug solo-factory
版本 1.1.1
许可证
累计安装 0
当前安装数 0
历史版本数 3
常见问题

Factory 是什么?

Install the full Solo Factory toolkit — 23 startup skills + solograph MCP server for code intelligence, KB search, and web search. Use when user says "instal... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 659 次。

如何安装 Factory?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install solo-factory」即可一键安装,无需额外配置。

Factory 是免费的吗?

是的,Factory 完全免费(开源免费),可自由下载、安装和使用。

Factory 支持哪些平台?

Factory 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Factory?

由 Rust(@fortunto2)开发并维护,当前版本 v1.1.1。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论