Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Ai Company Ceo

v2.0.0

AI Company CEO skill pack: five-layer Hub-and-Spoke architecture, Orchestrator-Workers collaboration, Guardrails, CI/CD for Prompt, core KPI metrics library, NIST AI RMF alignment

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill is an orchestration/governance package for an 'AI company' and its requested capabilities (network access, file read/write, subagent sessions) are plausibly needed for orchestration, KPI collection, and CI/CD for prompts. However, it names many integrations (ERP, BI, vector DB, guardrails) without declaring any required credentials or connector requirements in the manifest, which leaves the mapping between purpose and declared requirements incomplete.
Instruction Scope
SKILL.md contains detailed runtime instructions and a deployable prompt for acting as a CEO and orchestrating many agents; it does not include explicit commands that read arbitrary host files or environment variables, nor does it embed external endpoints. Still, the skill's declared 'permissions' allow broad file and network access and creation of subagents (mcp: sessions_send, subagents), so the operational instructions combined with those permissions give the skill wide discretion at runtime.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so nothing is written to disk by the package itself. That lowers install-time risk.
Credentials
No required environment variables or credential fields are declared, yet the instructions and KPI sections reference integrating with ERP, BI dashboards, and external systems. The manifest also grants network API and file read/write permissions. The absence of explicit credential requirements or a clear connector model is disproportionate to the number of external systems the skill expects to interact with.
Persistence & Privilege
always is false (good), but the skill requests mcp permissions to send sessions and spawn subagents, plus file read/write and network API access. Combined, these runtime privileges allow the skill to create subordinate agents and perform networked actions — a high-capability combination that increases blast radius if misused. The skill also claims to be 'vetted' in metadata despite unknown provenance.
What to consider before installing
This skill looks functionally coherent for a multi-agent 'CEO' orchestration role but requests broad runtime privileges (file read/write, network API calls, ability to spawn subagents) while not declaring how external credentials or connectors (ERP, BI, DBs) will be supplied. Before installing:
1) Ask the publisher for provenance and the vetting audit that justifies the 'securityStatus: Vetted' claim.
2) Require least-privilege runtime policies: limit file system scope, restrict network hosts/domains, and disable or gate subagent creation unless explicitly approved.
3) Confirm how credentials/connectors will be provided (platform-managed secrets vs. embedded env vars) and insist on per-connector allowlists.
4) Test in an isolated sandbox with monitoring and audit logs enabled to observe any spawned subagents or unexpected network calls.
5) Review the listed dependent skills (ai-company-*) to ensure they are trustworthy and to understand the full attack surface.
If you cannot validate provenance or restrict its runtime permissions, do not grant it broad file/network/subagent privileges.

Like a lobster shell, security has layers — review code before you run it.
