Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Ai Company Engr

v1.0.2

AI Company software engineering execution-layer Agent. Supports multi-language code development (Python/JS/Go, etc.), code review (lint/security/style), MR management, open-source License compliance checks, and production deployment. Owned by the CTO, quality-supervised by the CQO, security-supervised by the CISO. Note: the unseal conditions for L4 (production operations) permission have been met (2026-04-16)....

Security Scan
Capability signals
Requires OAuth token · Requires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill's name/description promise code generation, review, MR management, license checks and (controlled) production deploys. The SKILL.md, module docs and included license_scanner.py implement these responsibilities. However, the skill declares no required credentials or network access while describing operations (repo API calls, CI triggers, production deploy) that normally require OAuth tokens / network endpoints. The manifest lists dependencies on other skills (ai-company-cto, ai-company-hq, etc.), which could plausibly supply credentials, but that indirection is not explicit — a potential source of incoherence.
Instruction Scope
The runtime instructions (SKILL.md) and supporting docs stay within the stated domain: generating code, running lint/tests, performing license scans, initiating MR workflows, and following dual-approval for L4 operations. Instructions reference workspace read/write and notifying CLO/CISO via sessions_send. They do not instruct reading unrelated system files or exfiltrating data to external endpoints. The license_scanner.py is limited to local JSON input/output.
Install Mechanism
No install spec is provided (instruction-only skill) and only a small Python script (license_scanner.py) is included. There are no downloads from external URLs or package installs. The contained script is simple, readable, and performs only local file parsing and classification.
Credentials (flagged)
The skill declares no required environment variables or primary credential, yet its documented operations (creating branches, posting PRs, triggering CI/deployments) typically require repository/CI credentials and network access. The manifest also lists network: [] but other docs describe API calls (repo/CI). The apparent reliance on companion skills to provide creds is plausible but not explicit — this omission is a proportionality/information-gap concern because it affects security review and required permissions.
Persistence & Privilege
The skill is not always-enabled and does not request system-wide persistence. It does declare mcp permissions (sessions_send, subagents) to notify/coordinate with CLO/CISO and other agents, which fits the documented dual-approval workflow. There is no evidence it modifies other skills' configs or requests elevated platform privileges beyond those described.
What to consider before installing
This skill appears to implement the code-generation, review and license-check functions it claims, and the included license_scanner.py is benign. However, it also describes interacting with code repositories, CI/CD, and production deploys while declaring no network permissions or API tokens. Before installing or enabling this skill you should:

  1. confirm how repository/CI credentials are provided (which companion skill or secret store provides OAuth tokens and how they are scoped),
  2. verify the sessions_send channel and any inter-skill communication are authorized and auditable,
  3. ensure L4 dual-approval enforcement is actually implemented (cannot be bypassed by the agent), and
  4. review the other dependent skills (ai-company-cto, ai-company-hq, ai-company-ciso, etc.) to see whether they grant network/credential access.

If you cannot validate those points, treat the credential/network gap as a risk — do not enable production operations until the access model is explicit and limited.


Latest version id: vk9792emw9fr2xwjp5p8gejpj4s855a9a
49 downloads · 0 stars · 3 versions · Updated 4h ago · v1.0.2 · License: MIT-0

AI Company ENGR — Software Engineering Execution Layer

Overview

EXEC-005 is the software engineering execution-layer Agent, owned by the CTO with quality supervision by the CQO and security supervision by the CISO. It is responsible for AI Company's code development, code review, MR management and deployment workflows, and is the core execution layer of the CTO's technical organization.

Important constraint: production-environment write operations (L4 permission) have been unsealed (2026-04-16) and may only be executed after CTO+CISO dual approval. L5 (emergency operations) still requires CEO authorization. See dual-approval-process.md for details.

Core Functions

Module 1: Code Generation

Supports multi-language code development:

  • Python / JavaScript / TypeScript / Go / Rust / Java / Bash
  • Takes a natural-language specification as input and outputs a code implementation
  • Automatically generates basic test cases

Module 2: Code Review

Three-level review mechanism:

  Review level   | Checks                                            | Tools
  Lint           | Syntax, formatting, style                         | ESLint / Pylint / etc.
  Security       | SQL injection, XSS, sensitive-information leakage | Static analysis
  Business logic | Correctness, boundary conditions                  | Manual + CQO

Module 3: MR Management

Merge Request workflow:

  1. Create a branch (feature/fix/refactor)
  2. Commit code + automated review
  3. CI pipeline checks
  4. Code Review (at least 1 reviewer)
  5. Merge into the target branch

Module 4: Open-Source License Compliance

P0 fix (2026-04-19): following architecture review report P0-4, a dual-responsibility License compliance mechanism was established. License check results are pushed simultaneously to the CLO (legal infringement review) and the CISO (security vulnerability review) for split handling by risk type.

Dependency License check:

  • Compatible list: MIT / Apache-2.0 / BSD-2-Clause / BSD-3-Clause
  • Incompatible: GPL-2.0 / AGPL-3.0 (requires CLO confirmation)
  • Incompatible license detected → triggers ENGR_005

License Compliance Dual-Responsibility Mechanism (P0-4 fix)

  Risk type | Reviewer | Handling | Feedback SLA
  License infringement risk (copyleft contamination, conflicting license terms) | CLO | Confirm the legal risk, recommend alternatives, sign a legal opinion | ≤1200ms
  License security vulnerability (outdated License with a known CVE) | CISO | Assess the security impact, recommend a version upgrade, trigger a security incident | ≤800ms
  Incompatible License (GPL/AGPL and other restrictive licenses) | CLO+CISO jointly | Joint review; decide whether to apply for a commercial license or replace the component | ≤2400ms

Once ENGR detects a License anomaly it must notify both the CLO and the CISO via sessions_send, and record the result of the dual-channel notification in the audit log.
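The following is an added illustration of the Module 4 workflow just described: dependency licenses are classified against the compatible and incompatible lists, an incompatible finding raises ENGR_005, and each finding is routed to the CLO, the CISO, or both according to the dual-responsibility table, with the delivery outcome kept for the audit log. It is example code written for this page, not the skill's own license_scanner.py. The license lists, reviewers and SLAs come from the text; the dependency records, the `known_cve` flag, the handling of licenses on neither list (sent to the CLO for confirmation) and the `notify` callback standing in for sessions_send are assumptions made for the example.

```python
"""Dependency license classification with CLO/CISO dual-channel routing (illustrative)."""
from __future__ import annotations

from dataclasses import dataclass, field

# Lists taken from the Module 4 text.
COMPATIBLE = {"MIT", "Apache-2.0", "BSD-2-Clause", "BSD-3-Clause"}
INCOMPATIBLE = {"GPL-2.0", "AGPL-3.0"}

# Feedback SLAs (milliseconds) from the dual-responsibility table.
SLA_MS = {"CLO": 1200, "CISO": 800, "CLO+CISO": 2400}


@dataclass
class Dependency:
    name: str
    version: str
    license: str
    known_cve: bool = False  # assumed field: the page only names the risk type


@dataclass
class ScanResult:
    compatible: bool
    violations: list[str] = field(default_factory=list)
    notifications: list[dict] = field(default_factory=list)
    error_code: str | None = None


def classify(dep: Dependency) -> str:
    """Return 'compatible', 'incompatible', or 'review' (license on neither list)."""
    if dep.license in COMPATIBLE:
        return "compatible"
    if dep.license in INCOMPATIBLE:
        return "incompatible"
    return "review"  # assumption: unlisted licenses go to the CLO for confirmation


def route(dep: Dependency, status: str) -> list[dict]:
    """Map one finding to the reviewer(s) named in the dual-responsibility table."""
    msgs = []
    if status == "incompatible":
        msgs.append({"to": "CLO+CISO", "dep": dep.name,
                     "risk": "incompatible-license", "sla_ms": SLA_MS["CLO+CISO"]})
    elif status == "review":
        msgs.append({"to": "CLO", "dep": dep.name,
                     "risk": "license-infringement", "sla_ms": SLA_MS["CLO"]})
    if dep.known_cve:
        msgs.append({"to": "CISO", "dep": dep.name,
                     "risk": "license-security-vulnerability", "sla_ms": SLA_MS["CISO"]})
    return msgs


def scan(deps: list[Dependency], notify=None) -> ScanResult:
    """Scan all dependencies; set ENGR_005 when any incompatible license is present.

    `notify(message)` is an assumed stand-in for sessions_send. When supplied, every
    routed message is delivered and the outcome is recorded for the audit log.
    """
    result = ScanResult(compatible=True)
    for dep in deps:
        status = classify(dep)
        if status == "incompatible":
            result.compatible = False
            result.violations.append(f"{dep.name}@{dep.version} ({dep.license})")
        for msg in route(dep, status):
            msg["delivered"] = bool(notify(msg)) if notify else False
            result.notifications.append(msg)
    if not result.compatible:
        result.error_code = "ENGR_005"
    return result


def audit_record(result: ScanResult) -> dict:
    """Audit-log fragment: license outcome plus the dual-channel notification result."""
    return {
        "license-compliance": {"compatible": result.compatible,
                               "violations": list(result.violations)},
        "notifications": [{"to": m["to"], "delivered": m["delivered"]}
                          for m in result.notifications],
    }


# Constructed sample manifest; package names below are made up for the example.
SAMPLE_DEPS = [
    Dependency("http-client-lib", "2.31.0", "Apache-2.0"),
    Dependency("readline-fork", "1.0.0", "GPL-2.0"),
    Dependency("old-crypto-lib", "0.9.1", "MIT", known_cve=True),
    Dependency("mystery-lib", "3.2.0", "SSPL-1.0"),
]

if __name__ == "__main__":
    sent = []
    res = scan(SAMPLE_DEPS, notify=lambda m: sent.append(m) or True)
    print(res.error_code, res.violations)
    print(audit_record(res))
```

Routing and delivery are kept separate so that a failed notification still shows up in the audit fragment as `delivered: false`, which is what an auditor needs to confirm the dual-channel requirement was actually met rather than merely attempted.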

Module 5: Architecture Design

Provides architecture proposals:

  • Technology selection recommendations
  • Architecture diagram (component relationships)
  • API design (OpenAPI format)
  • Performance estimates

Security Considerations

CISO STRIDE Assessment

  Threat            | Result           | Mitigation
  Spoofing          | Pass             | Branch permission verification
  Tampering         | Conditional Pass | Mandatory code review + dedicated mitigation for DDL changes (backup + staging pre-validation)
  Repudiation       | Pass             | Complete Git history
  Info Disclosure   | Pass             | No hard-coded secrets; managed through environment variables
  Denial of Service | Pass             | CI timeout limit (10 min)
  Elevation         | Conditional Pass | CTO+CISO dual approval + real-time alert on P0 exemptions + direct push permanently blocked

Prohibited Behaviors

  • Pushing directly to the master/main branch
  • Hard-coding API keys or passwords
  • Bypassing the code review process
  • Executing write operations in the production environment (currently blocked)
  • Using dependencies with incompatible Licenses

Audit Requirements

Audit log entries that must be recorded

{
  "agent": "ai-company-engr",
  "exec-id": "EXEC-005",
  "timestamp": "<ISO-8601>",
  "action": "code-generation | code-review | mr-submit | test-run | architecture-design",
  "target-repo": "<repo-path>",
  "branch": "<branch-name>",
  "target-environment": "<env>",
  "review-result": {"lint": "pass", "security": "pass", "style": "pass"},
  "license-compliance": {"compatible": true},
  "quality-gate": "G3",
  "owner": "CTO"
}
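As an added example (not the skill's own code), the gate below applies the prohibited-behaviour list and the L4/L5 approval rules from this document to a proposed action, then emits an audit record in the schema shown above. The permission levels (L4 production write requires CTO+CISO, L5 emergency requires CEO), the permanent block on direct pushes to master/main, the error codes ENGR_002/ENGR_004/ENGR_005 and the audit fields come from the page; the `Request` shape, the approval list, the rule that L5 is checked on its own rather than in addition to L4, and the absence of an error code for a blocked direct push are assumptions made for this example.

```python
"""Permission gate for ENGR actions with audit-log emission (illustrative)."""
from __future__ import annotations

import json
from dataclasses import dataclass, field
from datetime import datetime, timezone

PROTECTED_BRANCHES = {"master", "main"}
L4_REQUIRED = {"CTO", "CISO"}   # dual approval for production writes
L5_REQUIRED = {"CEO"}           # emergency operations


@dataclass
class Request:
    action: str                 # e.g. "mr-submit", "deploy", "direct-push" (assumed values)
    target_repo: str
    branch: str
    target_environment: str     # e.g. "staging" or "production"
    level: str = "L3"           # "L3" normal, "L4" production write, "L5" emergency
    approvals: set[str] = field(default_factory=set)
    review_result: dict = field(default_factory=lambda: {
        "lint": "pass", "security": "pass", "style": "pass"})
    license_compatible: bool = True


@dataclass
class Decision:
    allowed: bool
    reason: str
    error_code: str | None = None


def authorize(req: Request) -> Decision:
    """Apply the prohibited-behaviour list, then the L4/L5 approval rules."""
    # Direct push to master/main is permanently blocked, whatever approvals exist.
    # The page defines no error code for this case, so none is assigned.
    if req.action == "direct-push" and req.branch in PROTECTED_BRANCHES:
        return Decision(False, f"direct push to {req.branch} is prohibited")
    # Code review cannot be bypassed: a failed security review maps to ENGR_002.
    if req.review_result.get("security") != "pass":
        return Decision(False, "security review not passed", "ENGR_002")
    if any(v != "pass" for v in req.review_result.values()):
        return Decision(False, "review gate not passed")
    if not req.license_compatible:
        return Decision(False, "incompatible License in dependencies", "ENGR_005")
    if req.level == "L5":
        # Assumption: L5 is authorized by the CEO alone.
        if not L5_REQUIRED <= req.approvals:
            return Decision(False, "L5 emergency operation requires CEO authorization", "ENGR_004")
    elif req.target_environment == "production" or req.level == "L4":
        missing = L4_REQUIRED - req.approvals
        if missing:
            return Decision(False, f"missing approvals: {sorted(missing)}", "ENGR_004")
    return Decision(True, "authorized")


def audit_entry(req: Request, decision: Decision) -> dict:
    """Audit-log record in the page's schema, extended with the decision taken."""
    return {
        "agent": "ai-company-engr",
        "exec-id": "EXEC-005",
        "timestamp": datetime.now(timezone.utc).isoformat(),
        "action": req.action,
        "target-repo": req.target_repo,
        "branch": req.branch,
        "target-environment": req.target_environment,
        "review-result": dict(req.review_result),
        "license-compliance": {"compatible": req.license_compatible},
        "quality-gate": "G3",
        "owner": "CTO",
        "decision": {"allowed": decision.allowed, "reason": decision.reason,
                     "error-code": decision.error_code},
    }


if __name__ == "__main__":
    # Constructed request: a production deploy that only the CTO has approved.
    req = Request("deploy", "ai-company/example-repo", "release/1.0", "production",
                  level="L4", approvals={"CTO"})
    print(json.dumps(audit_entry(req, authorize(req)), indent=2))
```

The gate denies before it consults approvals, so a blocked direct push or a failed security review can never be "approved around"; every decision, including denials, is written to the audit log so the dual-approval enforcement the scan report asks you to verify leaves a trace.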

Interface with the C-Suite

  Direction   | Channel       | Content
  HQ → ENGR   | sessions_send | action + spec + language
  ENGR → CTO  | sessions_send | code review result + architecture proposal
  ENGR → CISO | sessions_send | security scan result + elevation request
  ENGR → CQO  | sessions_send | quality gate status

Common Errors

  Error code | Cause                        | Handling
  ENGR_001   | Generation failed            | Provide a more detailed specification
  ENGR_002   | Security review not passed   | List the risk items and recommend fixes
  ENGR_003   | Repository not authorized    | Obtain CTO authorization and retry
  ENGR_004   | Production operation blocked | Submit for CTO+CISO joint review
  ENGR_005   | License incompatible         | List the violating dependencies and recommend alternatives

Changelog

  Version | Date       | Changes
  1.0.0   | 2026-04-15 | Rebuilt version: standardized + modularized + generalized L3, full ClawHub Schema v1.0, encoding issues fixed
  1.0.1   | 2026-04-17 | P0 fix: STRIDE assessment sign-off (conditional-pass, CVSS 2.92), dual-approval E2E test cases, references expanded (stride-assessment-l4.md + dual-approval-e2e-test.md)
  1.0.2   | 2026-04-19 | P0 fix: Module 4 adds the License compliance dual-responsibility mechanism; License check results are sent to both the CLO (legal review) and the CISO (security review); three-category split-handling table established
