ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Ai Company Hq

v1.4.0

AI公司总部总控技能包。跨Agent协同、战略调度、IMA知识库同步中枢。

0· 93·1 current·1 all-time
by@johnsmithfan
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The SKILL.md describes an orchestration/hub that spawns and coordinates many C‑Suite subagents and references shared tools (news-service, knowledge-base/IMA sync, analytics-engine, state-manager, coordinator) and specific skill paths (tools/…, skills/ai-company-[role]/). However the package contains no tool code, no install spec, and no declared dependencies or config paths for those services. Also meta.json/_meta.json list version 1.3.1 while SKILL.md front matter is 1.4.0 — a package metadata/version mismatch. It's plausible the skill expects platform-provided APIs (sessions_spawn/sessions_send) and external tools to exist, but the bundle itself does not provide or declare them, which is an incoherence to surface to users.
Instruction Scope
Runtime instructions are focused on orchestration (session_spawn/session_send templates, task decomposition, audit logging, writing output files like CFO-pricing-model.md, and syncing to IMA). These actions are within the stated purpose. The SKILL.md also instructs agents to read/write files under skills/… and tools/… and to write audit logs ({agent}-audit-log). That behavior is expected for an orchestrator, but the instructions assume access to the filesystem and to platform hooks (webhook/thread support) without declaring those requirements. It also allows spawning many subagents (parallel runs up to 10 recommended), which increases resource and access surface.
Install Mechanism
This is an instruction-only skill with no install spec and no code files — lowest install risk. Nothing is downloaded or written by an installer as part of the package.
Credentials
The skill declares no required environment variables or credentials, which is coherent for an internal orchestration doc. However, it references syncing to an external IMA knowledge base (sync_to_ima/get_ima_snapshot) and implies webhook/channel plugin hooks for session threads; no credentials, endpoints, or config paths for those external systems are declared. That omission is noteworthy: the SKILL.md expects integration points but doesn't declare what credentials or endpoints are needed to use them.
Persistence & Privilege
The skill does not request 'always: true' and keeps default autonomous invocation allowed (disable-model-invocation: false) — standard for skills that may spawn subagents. It does instruct writing audit logs and output files into skill/tool paths, which is normal for an orchestrator, but you should be aware it can spawn subagents and cause many filesystem writes or spawned sessions during use.
Scan Findings in Context
[NO_REGEX_MATCHES] expected: The package is instruction-only and the regex-based scanner had no code files to analyze; absence of findings is expected but not evidence of safety.
What to consider before installing
This skill reads like a legitimate orchestration/hub (spawning subagents, aggregating outputs, syncing to a shared knowledge base). Before installing: 1) Verify the platform provides sessions_spawn / sessions_send APIs and any channel hooks the SKILL.md expects; 2) Confirm the external tools/endpoints (IMA knowledge base, news-service, coordinator, etc.) actually exist in your environment and that you understand what credentials/endpoints they require — the skill does not declare or request them; 3) Note the version mismatch between SKILL.md (1.4.0) and meta files (1.3.1) — ask the author which is authoritative; 4) Be aware the skill can spawn multiple subagents and write files/audit logs to the workspace — if you run in a sensitive environment, limit autonomous invocations or supervise its runs; 5) If you need higher assurance, request the missing tool implementations or a clear dependency list (endpoints, required credentials, config paths) from the publisher before enabling it.

Like a lobster shell, security has layers — review code before you run it.

ai-companyvk977nyhkksz9y5n8hy9dx0p73n84m1sac-suitevk977nyhkksz9y5n8hy9dx0p73n84m1sagovernancevk977nyhkksz9y5n8hy9dx0p73n84m1salatestvk972540mpmbv9dvzjpfcnmeee184t3c8orchestrationvk977nyhkksz9y5n8hy9dx0p73n84m1sa

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments