Ai Company V1.0.4 Temp
Warn
Audited by ClawScan on May 10, 2026.
Overview
This instruction-only skill is broad and coherent, but it describes spending approvals, system operations, permission elevation, inter-agent routing, and auto-updates without clear user-level control boundaries.
Install only if you want a broad AI-company governance framework, and keep it advisory until you have reviewed and constrained any tools for spending, deployment, system administration, credentials, auto-updates, memory, and inter-agent messaging.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If connected to system, cloud, deployment, or business tools, the agent could restart systems, change permissions, reallocate resources, or activate vendor/contract actions based on its own crisis workflow.
These are high-impact operational actions. The document frames approval through internal AI company roles, but it does not clearly require explicit confirmation from the real user or account owner before execution.
Crisis White-List (Direct CEO Action Allowed):
- System-wide shutdown/restart commands
- Emergency resource reallocation across departments
- Temporary permission elevation for crisis responders
- Emergency vendor/contract activation
Require explicit user approval for shutdowns, restarts, permission changes, vendor/contract activation, and resource reallocation; keep these workflows advisory unless a user confirms each action.
If the agent has purchasing or finance-tool access, it could approve or initiate spending without the user reviewing the transaction.
The skill defines automatic financial approval for small budgets and internal AI-role approvals for larger amounts, but does not clearly bind those approvals to real user consent or spending-account controls.
Budget Approval Rules: <$1K: Auto-approve with logging ... $10K-$100K: CFO + CEO dual approval ... >$100K: Board approval required
Disable auto-approval for real financial actions; require a human confirmation step and spending limits for every purchase, budget mutation, or payment-related operation.
A user could be led to run or rely on an unreviewed update script that changes skill behavior outside the immediate task.
The README describes a persistent auto-update mechanism and a force update script, but the reviewed package has no install spec or included script for verification.
Auto-Update ... Schedule | Weekly Sunday 02:00 UTC ... Manual Update: pwsh -File ...ai-company-auto-update.ps1 -Force
Do not run the auto-update command unless the script is supplied and reviewed; require pinned sources, signatures or hashes, and explicit user approval before updates.
API keys may expose billing or location-service access if stored or used carelessly.
The skill documents optional third-party API credentials for location services. This is purpose-aligned, but credentials should be scoped and declared clearly.
export GOOGLE_GEOLOCATION_API_KEY="your-key" ... export MLS_API_KEY="your-key" ... export UNWIRED_API_KEY="your-key"
Use least-privileged keys, store them in a secret manager or environment variables, avoid logging them, and update metadata to declare optional credential use.
Financial or operational data could be retained and reused later if an implementation follows this reference.
The finance workflow anticipates retaining raw and aggregated business data. Retention is disclosed and partly controlled, but it remains sensitive persistent context.
Sanitization: PII hashed (SHA-256), aggregated beyond individual transactions, raw data retained 90 days, aggregated indefinitely, CISO approves exports.
Define storage locations, retention opt-in, deletion procedures, access controls, and export approval rules before enabling persistent analytics or memory.
Sensitive decisions or context could be shared broadly between agents if routing is implemented without access controls.
The skill is designed to route state and decisions among agents. That is expected for this framework, but the provided text does not fully specify identity, recipient, or permission boundaries.
HQ | Cross-agent routing, state management | Async via HQ message bus
Require authenticated agent identities, recipient scoping, audit logs, and rules that prevent secrets or private data from being broadcast unnecessarily.
