OPC (One-Person Company) Framework - Complete AI agent system for solo entrepreneurs with 14 integrated skills. From ideation to deployment - creative planni...
Security Analysis
high confidence
An instruction-only multi-skill framework for solo founders that is internally consistent: it contains guidance for ideation, development, deployment, and operations but requests no credentials, binaries, or installs in its packaged form.
The skill's name/description (OPC Framework for solo entrepreneurs) matches the delivered content: 14 language-localized subskills covering planning, research, writing, development, deployment, operations, etc. Required resources are all advisory (LLM providers, BaaS, SaaS tools) and there are no declared environment variables, binaries, or config paths that would be mismatched with the stated purpose.
The SKILL.md and subskill documents are prose guidance and templates describing what the agent should do (e.g., use social-listening, check domains, clone boilerplates, configure environment variables, integrate with services like Supabase, Zapier, Sentry, Buffer). This is consistent with a workflow-oriented framework. Nothing in the instructions directs the agent to read arbitrary host files or hidden credentials; however, many steps implicitly assume the user will connect third-party services (which requires credentials) — the skill itself does not request or access them.
There is no install specification and no code files executed by the platform. This instruction-only packaging minimizes risk associated with downloads or running third-party code. The included files are documentation/skill metadata only.
The registry metadata declares no required environment variables, no primary credential, and no config paths. Subskills mention typical operational secrets in the context of configuring third-party services (e.g., API keys for BaaS or monitoring services) but do not demand them at install time. The requested access footprint is proportionate to a workflow that may later integrate with external tools.
Flags show always:false and normal autonomous invocation allowed. The skill does not request persistent presence, nor does it modify other skills or system-wide configs. Being user-invocable and able to run autonomously is the platform default and is not, by itself, an elevated privilege here.
Guidance
This package is an instruction-only framework and appears coherent with its stated purpose. Before installing or running it, consider the following:
- The skill itself does not require keys or install anything, but many subskills recommend connecting third-party services (Supabase, Firebase, Zapier/Make, Sentry, Buffer, Cloudflare, payment platforms). Only provide API keys or webhook access to those services when you intentionally enable a particular integration and trust the recipient.
- Review which subskills you plan to use. If you only need ideation and PRD writing, you can ignore the deployment/ops recommendations that imply infrastructure changes.
- The framework suggests actions that may cause external network activity (domain checks, social listening, publishing to social platforms, automated replies). Treat those as user-driven choices and verify any automation you configure sends data only to destinations you approve.
- Because this is instruction-only text, it cannot autonomously exfiltrate secrets from your environment without you wiring it to external services. Still, be cautious when granting it downstream permissions (webhooks, Zapier, Slack tokens, cloud provider keys).

If you want deeper assurance, ask the skill author for a minimal manifest of which subskills perform network calls and a list of exact endpoints they will contact when enabled.
Latest Release
v1.0.0
Initial release - 14 skills for one-person company
Published by @tohnee on ClawHub