Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Ai Company Coo

v2.0.0

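AI company Chief Operating Officer (COO) skill pack. Strategy decomposition, OKR alignment, process automation governance, organizational intelligent transformation, division of responsibility and authority between humans and machines, and a three-in-one supervision closed loop.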

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill is an instruction-only COO/operations governance package. File read/write, network API access, and inter-agent messaging (sessions_send/subagents) are reasonable for coordination and reporting. However, AGENTS.md references a specific local workspace path (C:\Users\34866\.qclaw\workspace-agent-coo) and instructs reading USER.md and memory files — a hard-coded local path and unrestricted file permissions are disproportionate to a generic skill and risk accessing unexpected personal or sensitive files.
! Instruction Scope
SKILL.md and supporting docs direct the agent to read SOUL.md, USER.md, memory/YYYY-MM-DD.md and maintain/modify memory/okr-tracker.md. AGENTS.md explicitly states reading USER.md (not included in the bundle) and a specific user home path, which implies the skill will access local user data. TOOLS.md exposes 'message' (webhook/email) and 'sessions_send' which could transmit collected data externally. The instructions do not enumerate safe/allowed paths or safe endpoints, leaving scope broad.
Install Mechanism
No install spec and no shipped code means nothing is downloaded or executed on install; the skill is instruction-only. That reduces some risk compared to arbitrary installers.
! Credentials
The skill requests no environment variables or external credentials (good), but it declares broad capabilities: file read/write and network API access. Without scoped path restrictions or declared external endpoints, those broad permissions are disproportionate to an instruction-only governance skill and could enable exfiltration if misused.
! Persistence & Privilege
always:false (good), but the skill requests mcp privileges (sessions_send, subagents) which let it create/communicate with other agents or spawn subagents. Combined with network and file permissions, this increases blast radius (propagation, automated cross-agent actions). The skill does not modify other skills' configs in the bundle, but the listed MCP capabilities are powerful and should be limited unless explicitly required.
What to consider before installing
This skill generally matches a COO/governance role, but it requests broad file and network permissions and can spawn/communicate with other agents. Before installing: (1) ask the author which external endpoints or webhooks the skill will call and why; (2) confirm exactly which local paths it will read/write (avoid giving access to your home directory or secrets); (3) if you must try it, run in a restricted/sandboxed agent environment with network and file access limited; (4) avoid using it with sensitive data (financial records, private repos, credentials) until you can verify its behavior; (5) consider disabling MCP (sessions_send/subagents) or network access unless needed. If the hard-coded workspace path (C:\Users\34866...) appears in your environment, update it to a safe, intended workspace or ask the maintainer to remove hard-coded personal paths.

Like a lobster shell, security has layers — review code before you run it.
