CCO / Chief Customer Officer
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: cco
Version: 1.0.2
The skill bundle is classified as suspicious due to the explicit instruction in `memory-template.md` for the AI agent to execute shell commands (`mkdir -p ~/cco` and `touch ~/cco/memory.md`). While these specific commands are benign and intended for setup, the direct execution of shell commands from a markdown file by the agent represents a shell injection vulnerability. There is no clear evidence of malicious intent such as data exfiltration or persistence, but the presence of this risky capability warrants a 'suspicious' classification.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Customer metrics, at-risk account names, and expansion opportunities could be stored locally and reused in future conversations.
The skill instructs use of a persistent local memory file that may contain customer and business-priority information used in later CCO guidance.
Copy to `~/cco/memory.md` on first use... ## Key Accounts at Risk ... ## Expansion Pipeline
Review what is saved in ~/cco/memory.md, avoid unnecessary confidential customer details, and periodically remove or update stale information.
