FAQ
Frequently asked questions about ForgeCat.
General
Can I install multiple profiles?
Yes — as many as you like. You install them one at a time (each forgecat install takes a single source), and ForgeCat tracks each profile independently via a lockfile.
What happens if I modify installed profile files?
Your changes are preserved. ForgeCat tracks file status — when you check for updates, it will show any conflicts and let you choose whether to keep your changes or accept the update.
Will installing a profile overwrite my existing settings?
No — not without asking. ForgeCat checks for conflicts before writing, so if a file already exists it prompts you before overwriting (use --force to overwrite, or --dry-run to preview the changes first).
Platform & Setup
Can I use multiple platforms in the same project?
Yes. ForgeCat auto-detects platforms in your project (e.g., Cursor + Claude Code) and installs the appropriate files for each. You can also specify platforms manually with --platform.
Can I use ForgeCat with OpenClaw or Hermes Agent?
Yes. Profiles move cleanly between Claude Code, Codex, and Cursor, and likewise between OpenClaw and Hermes Agent. Crossing the two groups is where you can lose things — the tools are built around different concepts, so parts of a profile may not carry over.
How are MCP API keys managed?
MCP configurations may reference environment variables (e.g., ${GITHUB_TOKEN}). The forgecat setup command helps you configure these variables locally. Your keys are never uploaded or shared.
Security & Trust
Are profiles safe to install?
Most profiles are just configuration, but some include scripts or hooks — these run with your permissions, and a profile can also set up MCP servers that reach external tools. ForgeCat never runs any of that without asking first, so nothing happens until you approve it (add -y/--yes to skip the prompt in CI). Every file is open to read before you install, so for a creator you don't know yet, a quick look is worth it.
Does ForgeCat check profiles for security issues?
Yes. Each profile version is automatically evaluated, and the result shows in the Security Risk section on its profile page — a Low, Medium, or High rating for its source, intent, permissions, and MCP servers. Treat it as a guide, not a verdict: it can flag a profile that's actually fine, and it can just as easily miss a real problem. So factor it in, but make the final call yourself.
ForgeCat