Trusted — Risk Score 5/100
Last scan: 19 hr ago
factoriago
FactoriaGo platform assistant — AI-driven academic paper revision and resubmission
The FactoriaGo skill is a legitimate academic paper revision platform API client with no malicious behavior, credential exfiltration, or hidden functionality. All capabilities match documentation.
Skill Name: factoriago
Duration: 37.0s
Engine: pi
Safe to install
Approve for use. The skill is a straightforward Node.js HTTPS API client for managing academic paper revision workflows.
Resource | Declared | Inferred | Status | Evidence
Filesystem | READ | READ | ✓ Aligned | SKILL.md declares reading .md files; no file writes in scripts/factoriago-client…
Network | READ | READ | ✓ Aligned | All HTTPS requests target editor.factoriago.com (lines 11-43 in scripts/factoria…
Shell | NONE | NONE | | No subprocess/spawn calls; only used via `node scripts/factoriago-client.js`
Environment | NONE | READ | ✓ Aligned | process.env.FACTORIAGO_COOKIE read only (line 87); no iteration through env vars…
Skill Invoke | NONE | NONE | | No inter-skill invocation
Clipboard | NONE | NONE | | No clipboard access
Browser | NONE | NONE | | No browser automation
Database | NONE | NONE | | No direct database access
11 findings
Medium | External URL | https://factoriago.com | FactoriaGo-Skill-Guide.md:9
Medium | External URL | https://console.anthropic.com/keys | FactoriaGo-Skill-Guide.md:35
Medium | External URL | https://platform.openai.com/api-keys | FactoriaGo-Skill-Guide.md:36
Medium | External URL | https://aistudio.google.com/app/apikey | FactoriaGo-Skill-Guide.md:37
Medium | External URL | https://platform.moonshot.cn/console/api-keys | FactoriaGo-Skill-Guide.md:38
Medium | External URL | https://open.bigmodel.cn/usercenter/apikeys | FactoriaGo-Skill-Guide.md:39
Medium | External URL | https://platform.minimaxi.com/user-center/basic-information/interface-key | FactoriaGo-Skill-Guide.md:40
Medium | External URL | https://editor.factoriago.com | FactoriaGo-Skill-Guide.md:165
Medium | External URL | https://editor.factoriago.com/api/* | SKILL.md:22
Medium | External URL | https://editor.factoriago.com/api | SKILL.md:31
Medium | External URL | https://factoriago.com/api/auth/login | references/api.md:91

File Tree

6 files · 34.5 KB · 893 lines
Markdown 5f · 572L JavaScript 1f · 321L
├─ 📁 references
│ ├─ 📝 api.md Markdown 98L · 3.1 KB
│ ├─ 📝 reviewer-response.md Markdown 100L · 3.2 KB
│ └─ 📝 revision-workflow.md Markdown 56L · 2.1 KB
├─ 📁 scripts
│ └─ 📜 factoriago-client.js JavaScript 321L · 14.4 KB
├─ 📝 FactoriaGo-Skill-Guide.md Markdown 166L · 5.7 KB
└─ 📝 SKILL.md Markdown 152L · 6.1 KB

Security Positives

✓ All network requests go only to the legitimate editor.factoriago.com API endpoint via HTTPS
✓ No shell execution, subprocess spawning, or eval() calls in the client script
✓ No credential exfiltration — API keys are sent only to the server's own /settings/llm endpoint
✓ Session cookie is stored in an environment variable (FACTORIAGO_COOKIE), not written to disk
✓ No base64-encoded payloads, no obfuscation, no anti-analysis patterns
✓ No access to sensitive local paths (~/.ssh, ~/.aws, .env, etc.)
✓ No remote script execution (curl|bash, wget|sh patterns absent)
✓ HTML response detection (lines 37-40) prevents auth bypass via SPA redirects
✓ No supply chain risks — pure Node.js standard library, no external npm dependencies
✓ Documentation accurately reflects all code functionality with no shadow behavior