boardroom-advisor
Pass
Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: boardroom-advisor
Version: 1.0.0
The OpenClaw skill 'boardroom-advisor' is designed to simulate a business advisory board. It requests `network` permission to optionally use the OpenRouter API for a stronger LLM model and `filesystem` permission to write generated decision briefs and interactive dashboards to the working directory. While the skill asks the user for sensitive business context, this is explicitly for the purpose of the simulation and not for exfiltration. All instructions in `SKILL.md` are clearly aligned with the stated purpose, and there is no evidence of malicious intent such as data exfiltration, unauthorized execution, persistence mechanisms, or prompt injection attempts to subvert the agent's core function or hide its actions. The use of `OPENROUTER_API_KEY` is transparent and for a legitimate, optional feature.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may start a boardroom analysis for major decisions and may use a stronger external model without a separate prompt if the environment supports it.
The skill can be invoked proactively and can use a sub-agent/model override. This is aligned with its advisory purpose, but it may consume tokens or paid provider resources if configured.
“Proactively: You identify the user is facing a major decision — run the board without being asked.” ... “Spawn one sub-agent with model `openrouter/anthropic/claude-opus-4.6`”
If you want tighter control, require the agent to ask before spawning a sub-agent or using OpenRouter.
Using the optional key may incur OpenRouter usage under your account.
The skill optionally uses an OpenRouter API key. This is expected for the stronger-model integration and no embedded credential is shown, but it grants access to the user’s OpenRouter account.
“Requires `OPENROUTER_API_KEY` in the environment” and `"env": { "OPENROUTER_API_KEY": "sk-or-..." }`
Store the key securely, monitor usage, and remove it if you do not want this skill to use OpenRouter.
Private business metrics and strategic context could be shared with the configured model provider or sub-agent during deliberation.
The skill may pass detailed business context to a sub-agent and, when OpenRouter is configured, to an external model provider. This is central to the skill’s function but may include sensitive business information.
“Give it the full task: business context, the decision” and asks for “MRR or ARR,” “Customers,” “CAC and LTV,” “Goals,” and “Constraints.”
Avoid including confidential details unless you are comfortable sharing them with the configured model provider, or run the board on the current/local model instead.
