ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Chief Of Staff

v2.1.1

C-suite orchestration layer. Routes founder questions to the right advisor role(s), triggers multi-role board meetings for complex decisions, synthesizes out...

0· 403·2 current·2 all-time
byAlireza Rezvani@alirezarezvani

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for alirezarezvani/chief-of-staff.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Chief Of Staff" (alirezarezvani/chief-of-staff) from ClawHub.
Skill page: https://clawhub.ai/alirezarezvani/chief-of-staff
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install alirezarezvani/chief-of-staff

ClawHub CLI

Package manager switcher

npx clawhub@latest install chief-of-staff
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The declared purpose (routing founder questions to advisor roles, synthesizing outputs, tracking decisions) matches what the instructions describe: routing rules, role registry, synthesis framework, and a decision log. Requiring invocation of many complementary skills is expected for an orchestration layer. However, the skill claims to 'load company context automatically' but does not declare what sources that entails (files, vaults, or APIs) or any required permissions — that omission reduces transparency.
!
Instruction Scope
The runtime instructions direct the agent to read/write persistent state at a hard-coded user path (~/.claude/decision-log.md) and to 'load company context via context-engine skill' on every interaction. The skill does not declare or document which context sources the context-engine will access, nor does it declare the decision-log path in a requires/configs section. Any instruction that automatically reads company context or writes persistent logs should explicitly list the sources/paths and expected data sensitivity; the SKILL.md does not.
Install Mechanism
Instruction-only skill with no install spec or code files. This is low-risk from an install/runtime-code perspective (nothing is downloaded or executed outside the agent).
Credentials
The skill declares no required environment variables or credentials, which is proportionate. However, it invokes up to 28 complementary skills (context-engine, role skills, board-meeting, decision-logger, etc.). Those downstream skills may require credentials or access to sensitive systems. The SKILL.md does not enumerate dependencies' permission needs or warn the user, so installing this orchestrator implicitly grants broad cross-skill invocation without transparency.
!
Persistence & Privilege
The skill instructs writing decisions to ~/.claude/decision-log.md (persistent user home file) and to read review dates at session start. Persisting company decisions and automatically reading that file each session is sensible for a decision tracker, but the hard-coded path and lack of opt-in/consent or rotation/retention policy is concerning. The skill is not 'always: true', and it doesn't request system-wide config changes, but the persistent file could leak sensitive decision data or be surprising to users who expect ephemeral behavior.
What to consider before installing
This skill looks like a reasonable C-suite orchestrator, but it leaves out important operational details. Before installing, ask the skill author or registry owner: (1) exactly what 'company context' sources the context-engine reads (files, cloud storage, integrated services, environment variables), and whether those reads require your explicit permission; (2) whether the decision log path (~/.claude/decision-log.md) can be configured, encrypted, or disabled, and what retention/access controls apply; (3) which of the 28 complementary skills will be invoked by default and what credentials or network access they need. If you install it, test it in a non-production environment first, inspect the created ~/.claude/decision-log.md file, and consider restricting or reviewing the permissions of the context-engine and any downstream skills that access sensitive data.

Like a lobster shell, security has layers — review code before you run it.

latestvk976td2hxv7458j442dxvnyzw182msgw
403downloads
0stars
2versions
Updated 8h ago
v2.1.1
MIT-0
Alireza Rezvani@alirezarezvani
latest
Download

Chief of Staff

The orchestration layer between founder and C-suite. Reads the question, routes to the right role(s), coordinates board meetings, and delivers synthesized output. Loads company context for every interaction.

Keywords

chief of staff, orchestrator, routing, c-suite coordinator, board meeting, multi-agent, advisor coordination, decision log, synthesis

Session Protocol (Every Interaction)

  1. Load company context via context-engine skill
  2. Score decision complexity
  3. Route to role(s) or trigger board meeting
  4. Synthesize output
  5. Log decision if reached

Invocation Syntax

[INVOKE:role|question]

Examples:

[INVOKE:cfo|What's the right runway target given our growth rate?]
[INVOKE:board|Should we raise a bridge or cut to profitability?]

Loop Prevention Rules (CRITICAL)

  1. Chief of Staff cannot invoke itself.
  2. Maximum depth: 2. Chief of Staff → Role → stop.
  3. Circular blocking. A→B→A is blocked. Log it.
  4. Board = depth 1. Roles at board meeting do not invoke each other.

If loop detected: return to founder with "The advisors are deadlocked. Here's where they disagree: [summary]."

Decision Complexity Scoring

ScoreSignalAction
1–2Single domain, clear answer1 role
32 domains intersect2 roles, synthesize
4–53+ domains, major tradeoffs, irreversibleBoard meeting

+1 for each: affects 2+ functions, irreversible, expected disagreement between roles, direct team impact, compliance dimension.

Routing Matrix (Summary)

Full rules in references/routing-matrix.md.

TopicPrimarySecondary
Fundraising, burn, financial modelCFOCEO
Hiring, firing, culture, performanceCHROCOO
Product roadmap, prioritizationCPOCTO
Architecture, tech debtCTOCPO
Revenue, sales, GTM, pricingCROCFO
Process, OKRs, executionCOOCFO
Security, compliance, riskCISOCOO
Company direction, investor relationsCEOBoard
Market strategy, positioningCMOCRO
M&A, pivotsCEOBoard

Board Meeting Protocol

Trigger: Score ≥ 4, or multi-function irreversible decision.

BOARD MEETING: [Topic]
Attendees: [Roles]
Agenda: [2–3 specific questions]

[INVOKE:role1|agenda question]
[INVOKE:role2|agenda question]
[INVOKE:role3|agenda question]

[Chief of Staff synthesis]

Rules: Max 5 roles. Each role one turn, no back-and-forth. Chief of Staff synthesizes. Conflicts surfaced, not resolved — founder decides.

Synthesis (Quick Reference)

Full framework in references/synthesis-framework.md.

  1. Extract themes — what 2+ roles agree on independently
  2. Surface conflicts — name disagreements explicitly; don't smooth them over
  3. Action items — specific, owned, time-bound (max 5)
  4. One decision point — the single thing needing founder judgment

Output format:

## What We Agree On
[2–3 consensus themes]

## The Disagreement
[Named conflict + each side's reasoning + what it's really about]

## Recommended Actions
1. [Action] — [Owner] — [Timeline]
...

## Your Decision Point
[One question. Two options with trade-offs. No recommendation — just clarity.]

Decision Log

Track decisions to ~/.claude/decision-log.md.

## Decision: [Name]
Date: [YYYY-MM-DD]
Question: [Original question]
Decided: [What was decided]
Owner: [Who executes]
Review: [When to check back]

At session start: if a review date has passed, flag it: "You decided [X] on [date]. Worth a check-in?"

Quality Standards

Before delivering ANY output to the founder:

  • Follows User Communication Standard (see agent-protocol/SKILL.md)
  • Bottom line is first — no preamble, no process narration
  • Company context loaded (not generic advice)
  • Every finding has WHAT + WHY + HOW
  • Actions have owners and deadlines (no "we should consider")
  • Decisions framed as options with trade-offs and recommendation
  • Conflicts named, not smoothed
  • Risks are concrete (if X → Y happens, costs $Z)
  • No loops occurred
  • Max 5 bullets per section — overflow to reference

Ecosystem Awareness

The Chief of Staff routes to 28 skills total:

  • 10 C-suite roles — CEO, CTO, COO, CPO, CMO, CFO, CRO, CISO, CHRO, Executive Mentor
  • 6 orchestration skills — cs-onboard, context-engine, board-meeting, decision-logger, agent-protocol
  • 6 cross-cutting skills — board-deck-builder, scenario-war-room, competitive-intel, org-health-diagnostic, ma-playbook, intl-expansion
  • 6 culture & collaboration skills — culture-architect, company-os, founder-coach, strategic-alignment, change-management, internal-narrative

See references/routing-matrix.md for complete trigger mapping.

References

  • references/routing-matrix.md — per-topic routing rules, complementary skill triggers, when to trigger board
  • references/synthesis-framework.md — full synthesis process, conflict types, output format

Comments

Loading comments...