Audit V1.0.3

v1.0.3

Unified AI Company skill consolidating 16 department skills into one. Provides complete governance, finance, technology, security, legal, people, marketing,...

⭐ 0· 86·0 current·0 all-time

by@johnsmithfan

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for johnsmithfan/ai-company-unified.

Previewing Install & Setup.

Prompt PreviewInstall & Setup

Install the skill "Audit V1.0.3" (johnsmithfan/ai-company-unified) from ClawHub.
Skill page: https://clawhub.ai/johnsmithfan/ai-company-unified
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install ai-company-unified

ClawHub CLI

Package manager switcher

npx clawhub@latest install ai-company-unified

Security Scan

Capability signals

CryptoCan make purchasesRequires OAuth tokenRequires sensitive credentials

These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.

VirusTotal

Benign

View report →

OpenClaw

Benign

medium confidence

✓

Purpose & Capability

The name/description (unified AI company) matches the included files: department references, prompts, method-patterns, and workflow templates. The documented integrations (weather APIs, finance APIs, etc.) are appropriate for the declared departments. There are no unexplained required binaries, env vars, or config path demands in the registry metadata.

ℹ

Instruction Scope

SKILL.md and the copy-paste prompts instruct the agent to read bundled reference files and generate department implementations, test cases, and workflows. The instructions reference external APIs and optional API keys only where relevant (e.g., geolocation/weather services). Prompts explicitly forbid dangerous actions (no eval/exec, no ~/.ssh or ~/.aws access) and include checks to block sensitive file access. However, the skill encompasses high-impact operations (agent creation, production deployment, system shutdown in crisis protocols) so its runtime guidance is broad and can enable powerful actions if the agent invoking it has environment privileges.

✓

Install Mechanism

There is no install spec and no code files to execute: this is instruction-only. That reduces filesystem/remote-install risk. All code is in-text prompts and markdown references bundled in the skill package.

✓

Credentials

The registry declares no required environment variables, binaries, or config paths. Some reference docs mention optional API keys (e.g., GOOGLE_GEOLOCATION_API_KEY) and standard Authorization headers for external data sources; those are optional and relevant to the information/weather/location features. No unrelated or unexplained secrets are requested.

ℹ

Persistence & Privilege

always is false and disable-model-invocation is false (normal). The skill's content supports agent orchestration (triggers include 'agent creation', 'production deployment', 'circuit breaker', etc.), so if the hosting agent is permitted to perform those actions this skill could be used to drive significant changes. The skill itself does not request persistent installation or modify other skills' configs.

Assessment

This package is internally coherent: its prompts and reference docs align with the claimed 'unified company' purpose and it does not require credentials by default. However, note the publisher/source information is missing (no homepage and source unknown) — try to verify the author/registry owner before installing in production. Because the skill contains high-impact workflows (agent creation, production deployment, crisis procedures), test it in an isolated environment first, restrict which agents can invoke it, and avoid supplying sensitive API keys until you review and limit the exact code/actions an invoking agent will perform. If you plan to grant it autonomous invocation rights, add explicit governance controls (approval gates, audit logging, and manual review steps) and monitor for unexpected outbound calls or attempts to access system-level resources.

✗

references/data-integration.md:2090

Documentation appears to expose a hardcoded API secret or token.

✗

references/integrations.md:490

Documentation appears to expose a hardcoded API secret or token.

Patterns worth reviewing

These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk970qy98a4n17n430m4r9kww6985qmyd

86downloads

0stars

4versions

Updated 1h ago

v1.0.3

MIT-0

AI Company v1.0.3

Unified AI Company Skill — 16 departments consolidated into one. Full specifications in references/method-patterns.md and references/departments/.

Quick Reference

What This Skill Does

Complete AI company operations: governance, finance, technology, security, legal, people, marketing, quality, intelligence, information, translation, and platform infrastructure. Use for any AI-Company function.

Department Index

Department	Roles	Details
Governance & Strategy	CEO, COO, HQ	governance-and-strategy.md
Finance & Risk	CFO, CRO	finance-and-risk.md
Technology & Engineering	CTO	technology-and-engineering.md
Platform & Infrastructure	Framework	platform-and-infrastructure.md
Security & Compliance	CISO, CLO	security-and-compliance.md
People & Culture	CHO	people-and-culture.md
Marketing & Partnerships	CMO	marketing-and-partnerships.md
Quality & Operations	CQO, PMGR	quality-and-operations.md
Intelligence	Intel	intelligence.md
Information Services	Information	information.md
Translation & Localization	Translator	translation-and-localization.md

Shared Resources

Error Codes

All error codes use department prefix (e.g., CEO_001, CFO_001, CISO_001). See individual department files for complete error code reference and resolution steps.

Prompts

Copy-paste ready prompts in prompts/:

Auto-Update

This skill supports automatic updates from ClawHub with 5-layer security gates.

Setting	Value
Schedule	Weekly Sunday 02:00 UTC
RRule	`FREQ=WEEKLY;BYDAY=SU;BYHOUR=2;BYMINUTE=0`
Backup Retention	10 versions / 30 days

Security Gates: Version Check | Backup Gate | Download Gate | Frontmatter Gate | Danger Pattern Gate

Manual Update:

pwsh -File "C:\Users\Admin\WorkBuddy\Claw\.workbuddy\scripts\ai-company-auto-update.ps1" -Force

Logs: C:\Users\Admin\WorkBuddy\Claw\.workbuddy\logs\ai-company-update-log.md

Changelog

Version	Date	Changes
1.0.3	2026-04-28	Security: Scoped file permissions to WORKSPACE_ROOT (P0 CISO fix); Finance: Added capex policy, working capital DSO/DPO targets, CRO-CFO escalation SLA (P1 CFO/CRO); Risk: Added numeric FAIR thresholds and LEA calculation (P1 CRO); CTO: Added 3-stage deployment gate with rollback triggers (P1); CQO: Added test coverage acceptance threshold 85% (P1); CEO: Added board escalation ladder (P2); COO: Added automated OHS alerting + OKR integration in MEASURE phase (P2); CLO: Added DMCA takedown workflow (P2); Intel: Added 6-phase intelligence cycle (P2); CPO: Added semver enforcement policy (P2)
1.0.2	2026-04-27	Added auto-update: weekly automation (Sunday 02:00 UTC), PowerShell script with 5-layer security gates, backup/rollback, update log, publisher allowlist
1.0.1	2026-04-27	CEO review complete: all 7 reference modules verified and rebuilt; added visualization.md, integrations.md, memory.md, data-integration.md, execution.md
1.0.0	2026-04-27	Initial release to ClawHub as unified AI Company skill; 16 departments consolidated

This skill follows AI Company Governance Framework. See references/ for complete specifications.

Comments

Loading comments...