ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Board Meeting

v2.1.1

Multi-agent board meeting protocol for strategic decisions. Runs a structured 6-phase deliberation: context loading, independent C-suite contributions (isola...

0· 342·2 current·2 all-time
byAlireza Rezvani@alirezarezvani
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
Purpose & Capability
The skill's behaviors (running isolated role contributions, critic, synthesis, and writing approved decisions) are coherent with a 'board meeting' facilitator. However, it expects access to agent persistent memory files (e.g., memory/company-context.md and memory/board-meetings/*.md) even though the registry metadata declares no required config paths or credentials. That omission is a mismatch between stated requirements and actual operation.
!
Instruction Scope
SKILL.md explicitly instructs the agent to load specific memory files (Layer 2 decisions) and to write raw transcripts and approved decisions to memory paths. Those are substantive I/O actions that persist potentially sensitive company data. The skill enforces not loading raw transcripts in Phase 1 (good) but still creates them in Phase 6. The instructions also reference an external format file (agent-protocol/SKILL.md) that is not present in the file manifest.
Install Mechanism
Instruction-only skill with no install steps, no downloaded code, and no required binaries—this is the lowest install risk and consistent with a facilitation protocol.
!
Credentials
The skill declares no environment variables or config paths but performs read/write operations on persistent memory locations. Requesting or using memory access should be declared in requires.config/paths so administrators understand what will be read and stored. There are no unrelated credentials requested, which is appropriate.
!
Persistence & Privilege
The skill will persist raw transcripts and decision records to memory (Layer 1 and Layer 2). Persisting sensitive board-level transcripts is a high-impact operation; the skill does not declare this persistence in its metadata. 'always' is false and autonomous invocation is allowed (normal), but the combination of autonomous runs + undeclared persistent writes raises the blast radius if misused.
What to consider before installing
This skill appears to do what it says (a structured 6-phase board meeting), but it reads and writes persistent memory files (company context, decisions, raw transcripts) while the registry shows no declared config paths or storage permissions. Before installing: 1) Confirm with the skill owner/platform whether the skill will be granted access to your agent's memory storage and where those files will be stored and who can read them. 2) Ensure raw transcripts (Layer 1) will be stored securely and that the auto-archive / retention policy matches your data-sensitivity requirements. 3) Verify the missing reference (agent-protocol/SKILL.md) and ask for documentation of how Phase 2 isolation is enforced. 4) If you do not want persistent transcripts or Layer 2 decisions written automatically, do not install or require a version that declares config paths and gives you explicit opt-in for storage. If you need more assurance, ask the publisher for a README describing exact memory I/O and retention policies and for the identity/verification of the publisher (owner ID).

Like a lobster shell, security has layers — review code before you run it.

latestvk976awf298hezhjt9q2jxcfjch82nq74
342downloads
0stars
2versions
Updated 6h ago
v2.1.1
MIT-0
Alireza Rezvani@alirezarezvani
latest
Download

Board Meeting Protocol

Structured multi-agent deliberation that prevents groupthink, captures minority views, and produces clean, actionable decisions.

Keywords

board meeting, executive deliberation, strategic decision, C-suite, multi-agent, /cs:board, founder review, decision extraction, independent perspectives

Invoke

/cs:board [topic] — e.g. /cs:board Should we expand to Spain in Q3?

The 6-Phase Protocol

PHASE 1: Context Gathering

  1. Load memory/company-context.md
  2. Load memory/board-meetings/decisions.md (Layer 2 ONLY — never raw transcripts)
  3. Reset session state — no bleed from previous conversations
  4. Present agenda + activated roles → wait for founder confirmation

Chief of Staff selects relevant roles based on topic (not all 9 every time):

TopicActivate
Market expansionCEO, CMO, CFO, CRO, COO
Product directionCEO, CPO, CTO, CMO
Hiring/orgCEO, CHRO, CFO, COO
PricingCMO, CFO, CRO, CPO
TechnologyCTO, CPO, CFO, CISO

PHASE 2: Independent Contributions (ISOLATED)

No cross-pollination. Each agent runs before seeing others' outputs.

Order: Research (if needed) → CMO → CFO → CEO → CTO → COO → CHRO → CRO → CISO → CPO

Reasoning techniques: CEO: Tree of Thought (3 futures) | CFO: Chain of Thought (show the math) | CMO: Recursion of Thought (draft→critique→refine) | CPO: First Principles | CRO: Chain of Thought (pipeline math) | COO: Step by Step (process map) | CTO: ReAct (research→analyze→act) | CISO: Risk-Based (P×I) | CHRO: Empathy + Data

Contribution format (max 5 key points, self-verified):

## [ROLE] — [DATE]

Key points (max 5):
• [Finding] — [VERIFIED/ASSUMED] — 🟢/🟡/🔴
• [Finding] — [VERIFIED/ASSUMED] — 🟢/🟡/🔴

Recommendation: [clear position]
Confidence: High / Medium / Low
Source: [where the data came from]
What would change my mind: [specific condition]

Each agent self-verifies before contributing: source attribution, assumption audit, confidence scoring. No untagged claims.

PHASE 3: Critic Analysis

Executive Mentor receives ALL Phase 2 outputs simultaneously. Role: adversarial reviewer, not synthesizer.

Checklist:

  • Where did agents agree too easily? (suspicious consensus = red flag)
  • What assumptions are shared but unvalidated?
  • Who is missing from the room? (customer voice? front-line ops?)
  • What risk has nobody mentioned?
  • Which agent operated outside their domain?

PHASE 4: Synthesis

Chief of Staff delivers using the Board Meeting Output format (defined in agent-protocol/SKILL.md):

  • Decision Required (one sentence)
  • Perspectives (one line per contributing role)
  • Where They Agree / Where They Disagree
  • Critic's View (the uncomfortable truth)
  • Recommended Decision + Action Items (owners, deadlines)
  • Your Call (options if founder disagrees)

PHASE 5: Human in the Loop ⏸️

Full stop. Wait for the founder.

⏸️ FOUNDER REVIEW — [Paste synthesis]

Options: ✅ Approve | ✏️ Modify | ❌ Reject | ❓ Ask follow-up

Rules:

  • User corrections OVERRIDE agent proposals. No pushback. No "but the CFO said..."
  • 30-min inactivity → auto-close as "pending review"
  • Reopen any time with /cs:board resume

PHASE 6: Decision Extraction

After founder approval:

  • Layer 1: Write full transcript → memory/board-meetings/YYYY-MM-DD-raw.md
  • Layer 2: Append approved decisions → memory/board-meetings/decisions.md
  • Mark rejected proposals [DO_NOT_RESURFACE]
  • Confirm to founder with count of decisions logged, actions tracked, flags added

Memory Structure

memory/board-meetings/
├── decisions.md          # Layer 2 — founder-approved only (Phase 1 loads this)
├── YYYY-MM-DD-raw.md     # Layer 1 — full transcripts (never auto-loaded)
└── archive/YYYY/         # Raw transcripts after 90 days

Future meetings load Layer 2 only. Never Layer 1. This prevents hallucinated consensus.

Failure Mode Quick Reference

FailureFix
Groupthink (all agree)Re-run Phase 2 isolated; force "strongest argument against"
Analysis paralysisCap at 5 points; force recommendation even with Low confidence
BikesheddingLog as async action item; return to main agenda
Role bleed (CFO making product calls)Critic flags; exclude from synthesis
Layer contaminationPhase 1 loads decisions.md only — hard rule

References

  • templates/meeting-agenda.md — agenda format
  • templates/meeting-minutes.md — final output format
  • references/meeting-facilitation.md — conflict handling, timing, failure modes

Comments

Loading comments...