Boss AI Agent

Security checks across static analysis, malware telemetry, and agentic risk

Overview

On its own this is a coherent management assistant, but its connected Team Operations Mode is powerful and should be enabled only after reviewing the cloud, messaging, sync, credential, and cron settings it introduces.

Advisor Mode appears low-risk and offline. Before enabling Team Operations Mode, verify the MCP package, protect the API key, review what employee data will be sent to manageaibrain.com, confirm which tools can send messages or sync Notion/Sheets, and inspect or disable any cron jobs you do not want running automatically.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI02: Tool Misuse and Exploitation
Severity: Medium
What this means

If enabled, the agent may send workplace messages or coordinate actions through connected tools when instructed or scheduled.

Why it was flagged

Team Operations Mode can perform real-world workplace actions, including employee messaging. This is expected for a team operations skill, but users should treat it as operational authority rather than simple advice.

Skill content
Write tools deliver messages to employees via connected platforms.
Recommendation

Use explicit confirmation for employee-facing messages and sync actions, and test workflows with a small scope before using them broadly.
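One way to apply that recommendation, as an added example that is not part of the skill or of ClawScan: a small gate placed between the agent and its tool dispatcher that lets read-only tools through, refuses employee-facing calls outside a pilot group, and requires a confirmation callback before any write tool runs. The tool names (list_employees, send_message, sync_notion), the recipients parameter and the pilot-group idea are assumptions for illustration; the page does not list the skill's real tool names.

```python
from dataclasses import dataclass, field
from typing import Callable

# Tool-name prefixes treated as employee-facing or state-changing. These
# prefixes are an assumption for this example; the scan page does not list
# the skill's actual tool names.
WRITE_TOOL_PREFIXES = ("send_", "sync_", "post_", "update_")


def is_write_tool(tool: str) -> bool:
    return tool.startswith(WRITE_TOOL_PREFIXES)


@dataclass
class GateDecision:
    allowed: bool
    reason: str


@dataclass
class WriteToolGate:
    """Gate in front of the agent's tool dispatcher.

    pilot_group: employee IDs that may receive messages during a limited test.
    confirm:     callback that returns True only if a human approved this exact
                 tool call (for example after seeing the rendered message).
    """
    pilot_group: frozenset
    confirm: Callable[[str, dict], bool]
    audit: list = field(default_factory=list)

    def check(self, tool: str, params: dict) -> GateDecision:
        if not is_write_tool(tool):
            return GateDecision(True, "read-only tool")
        recipients = set(params.get("recipients", []))
        out_of_scope = recipients - self.pilot_group
        if out_of_scope:
            return GateDecision(False, f"recipients outside pilot group: {sorted(out_of_scope)}")
        if not self.confirm(tool, params):
            return GateDecision(False, "write tool call not confirmed")
        return GateDecision(True, "confirmed write tool call")

    def call(self, tool: str, params: dict, dispatch: Callable[[str, dict], object]):
        decision = self.check(tool, params)
        # Every attempt is recorded, allowed or not, so a later review can see
        # what the agent tried to do on employees' behalf.
        self.audit.append((tool, sorted(params.get("recipients", [])),
                           decision.allowed, decision.reason))
        if not decision.allowed:
            raise PermissionError(f"{tool} blocked: {decision.reason}")
        return dispatch(tool, params)


def demo() -> list:
    """Run four constructed tool calls through the gate and return the audit log."""
    # Constructed approval record: the human approved exactly one message.
    approved = {("send_message", ("e-102",))}

    def confirm(tool, params):
        return (tool, tuple(sorted(params.get("recipients", [])))) in approved

    def dispatch(tool, params):
        return f"dispatched {tool}"

    gate = WriteToolGate(pilot_group=frozenset({"e-101", "e-102"}), confirm=confirm)
    gate.call("list_employees", {}, dispatch)                       # read-only, passes
    gate.call("send_message", {"recipients": ["e-102"], "text": "1:1 at 3pm?"}, dispatch)
    for bad in ({"recipients": ["e-999"], "text": "hi"},           # outside pilot group
                {"recipients": ["e-101"], "text": "hi"}):          # in scope but unconfirmed
        try:
            gate.call("send_message", bad, dispatch)
        except PermissionError:
            pass
    return gate.audit


if __name__ == "__main__":
    for entry in demo():
        print(entry)
```

The confirmation is keyed on the exact tool and recipient set, so a sync call with no recipients is still refused until someone approves it explicitly; widening the pilot group is the deliberate step that moves the workflow from test scope to broad use.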

ASI10: Rogue Agents
Severity: Medium
What this means

Scheduled check-ins, reminders, summaries, scans, or syncs may run later without the user actively chatting with the agent.

Why it was flagged

The skill documents persistent autonomous jobs in connected mode. The behavior is disclosed and purpose-aligned, but it can continue after the initial session and can affect employees.

Skill content
Registers up to 6 cron jobs that run autonomously — including jobs that send messages to employees.
Recommendation

Review the schedules in config.json before activation, run cron list regularly to see what is actually registered, and remove or disable any automated job you do not want.
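A review of that kind can be scripted. The following is an added example, not code from the skill or from ClawScan: it reads a config.json fragment, reports each cron job with the tools it runs and any problems, and can switch off every enabled job that uses a write tool until someone has approved it. The layout of the "cron" list (name, schedule, tools, enabled) is an assumption for this example, as are the tool names; the page does not show the skill's real config.json schema.

```python
import json
import re

# Constructed config.json fragment. The "cron" list and its field names are
# assumptions for this example; the real skill's layout is not shown.
SAMPLE_CONFIG = json.dumps({
    "mode": "team_operations",
    "cron": [
        {"name": "morning-summary", "schedule": "0 8 * * 1-5",
         "tools": ["list_employees", "summarize"], "enabled": True},
        {"name": "checkin-nudge", "schedule": "0 9 * * *",
         "tools": ["send_message"], "enabled": True},
        {"name": "notion-sync", "schedule": "*/30 * * * *",
         "tools": ["sync_notion"], "enabled": True},
        {"name": "weekly-scan", "schedule": "0 7 * * 1",
         "tools": ["scan_channels"], "enabled": False},
        {"name": "broken", "schedule": "every morning",
         "tools": ["send_message"], "enabled": True},
    ],
})

# Prefixes of tools that change state or contact employees (assumed names).
WRITE_TOOL_PREFIXES = ("send_", "sync_", "post_", "update_")

# Shape check for one field of a 5-field cron expression: *, N, N-M, */S,
# N-M/S and comma-separated lists of those. It does not validate ranges.
CRON_FIELD = re.compile(r"^(\*|\d+)(-\d+)?(/\d+)?(,(\*|\d+)(-\d+)?(/\d+)?)*$")


def valid_schedule(expr: str) -> bool:
    fields = expr.split()
    return len(fields) == 5 and all(CRON_FIELD.match(f) for f in fields)


def write_tools_of(job: dict) -> list:
    return [t for t in job.get("tools", []) if t.startswith(WRITE_TOOL_PREFIXES)]


def review_cron_jobs(config_text: str) -> list:
    """One row per job: (name, enabled, write_tools, issues)."""
    rows = []
    for job in json.loads(config_text).get("cron", []):
        enabled = bool(job.get("enabled", True))   # a job with no flag is assumed live
        issues = []
        if not valid_schedule(job.get("schedule", "")):
            issues.append("unparseable schedule")
        if enabled and write_tools_of(job):
            issues.append("runs write tools unattended")
        rows.append((job["name"], enabled, write_tools_of(job), issues))
    return rows


def disable_unattended_writes(config_text: str) -> str:
    """Return the config with every job that uses a write tool switched off."""
    config = json.loads(config_text)
    for job in config.get("cron", []):
        if write_tools_of(job):
            job["enabled"] = False
    return json.dumps(config, indent=2)


def enabled_job_names(config_text: str) -> list:
    return [j["name"] for j in json.loads(config_text).get("cron", [])
            if j.get("enabled", True)]


if __name__ == "__main__":
    for name, enabled, writes, issues in review_cron_jobs(SAMPLE_CONFIG):
        print(f"{name:16} enabled={enabled!s:5} writes={writes} issues={issues}")
    print("still enabled after review:", enabled_job_names(disable_unattended_writes(SAMPLE_CONFIG)))
```

Compare the script's output with what cron list reports after activation: a job that is registered but absent from config.json, or the reverse, is exactly the discrepancy this check is meant to surface.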

ASI03: Identity and Privilege Abuse
Severity: Medium
What this means

Anyone holding the API key can access or operate the connected company's management workflows through the service, since the key is the only thing the MCP calls are authenticated with.

Why it was flagged

The optional API key grants access to company-scoped management operations. The scope is disclosed, but the credential is sensitive.

Skill content
MANAGEMENT_BRAIN_API_KEY ... Authenticates all MCP calls to manageaibrain.com/mcp. Scoped to one company; each API key maps to exactly one organization.
Recommendation

Store the key in a secrets manager or supply it through an environment variable, never commit it to source control, and rotate or revoke it as soon as it may have been exposed.

ASI07: Insecure Inter-Agent Communication
Severity: Medium
What this means

Employee names, workplace topics, and message text may leave the local environment when Team Operations Mode is used.

Why it was flagged

Connected mode sends employee and management content to the provider's cloud MCP/API service. This is disclosed and aligned with the cloud team-ops feature.

Skill content
Tool parameters (employee names, discussion topics, message content) are sent to the cloud server for processing.
Recommendation

Review the provider's privacy and retention terms before enabling connected mode, and do not send highly sensitive HR or personal information unless those terms and your own HR policy permit it.

ASI06: Memory and Context Poisoning
Severity: Low
What this means

Past preferences or session context may shape future management recommendations.

Why it was flagged

The skill stores learned preferences and patterns locally for future sessions. This supports personalization, but persistent context can become outdated or influence later advice.

Skill content
scripts/update-learning.py | Automates learning field updates in config.json | At end of session to persist preferences and patterns
Recommendation

Periodically review or delete ~/.openclaw/skills/boss-ai-agent/config.json if preferences, context, or assumptions become stale.

ASI04: Agentic Supply Chain Vulnerabilities
Severity: Low
What this means

The MCP bridge code may update over time and will run with the provided management API key.

Why it was flagged

The optional MCP setup runs an npm package through npx without a pinned version. This is a normal user-directed setup path for the service, but it depends on the current npm package contents.

Skill content
"command": "npx", "args": ["-y", "@tonykk/management-brain-mcp"]
Recommendation

Verify the npm package publisher, pin a reviewed exact version in the args rather than letting npx resolve the newest release on every launch, and move to newer versions only through a controlled update process.
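The two credential and supply-chain recommendations above (ASI03 and ASI04) concern the same MCP server entry, so one check covers both. This is an added example, not code from the skill, the npm package, or ClawScan: it lints an MCP server configuration for unpinned npx packages and for API keys written as literals, rewrites the package spec to a reviewed exact version, and reads the key from the process environment. The server name "management-brain", the "env" block, the ${VAR} reference syntax and the version number 1.4.2 are assumptions for illustration; only the command and args come from the install spec quoted above, and the key value is a made-up placeholder.

```python
import json
import os
import re

# Constructed MCP server configuration. The server name and env block are
# assumptions; the command and args are the ones quoted in the scan.
SAMPLE_MCP_CONFIG = json.dumps({
    "mcpServers": {
        "management-brain": {
            "command": "npx",
            "args": ["-y", "@tonykk/management-brain-mcp"],
            "env": {"MANAGEMENT_BRAIN_API_KEY": "mbk_placeholder_0123456789"},
        }
    }
})

EXACT_VERSION = re.compile(r"^\d+\.\d+\.\d+$")
# A ${VAR} placeholder counts as a reference, not a secret. Whether the MCP
# host expands this syntax is host-specific and assumed here.
ENV_REFERENCE = re.compile(r"^\$\{[A-Z_][A-Z0-9_]*\}$")


def package_spec(args: list):
    """First non-flag argument of an npx invocation, i.e. the package to run."""
    for arg in args:
        if not arg.startswith("-"):
            return arg
    return None


def split_spec(spec: str):
    """Split 'name' or 'name@version' into (name, version), keeping an npm scope intact."""
    scoped = spec.startswith("@")
    body = spec[1:] if scoped else spec
    name, sep, version = body.partition("@")
    if scoped:
        name = "@" + name
    return name, (version if sep else None)


def is_pinned(spec: str) -> bool:
    """True only for an exact x.y.z version; tags and ranges still float."""
    _, version = split_spec(spec)
    return version is not None and EXACT_VERSION.match(version) is not None


def pin_package(spec: str, version: str) -> str:
    if not EXACT_VERSION.match(version):
        raise ValueError("pin to an exact version, not a range or tag")
    name, _ = split_spec(spec)
    return f"{name}@{version}"


def lint_mcp_servers(config_text: str) -> list:
    """Return (server, finding, detail) tuples for supply-chain and credential problems."""
    findings = []
    for server, entry in json.loads(config_text).get("mcpServers", {}).items():
        if entry.get("command") == "npx":
            pkg = package_spec(entry.get("args", []))
            if pkg is None:
                findings.append((server, "no-package", "npx invoked without a package"))
            elif not is_pinned(pkg):
                findings.append((server, "unpinned", pkg))
        for key, value in entry.get("env", {}).items():
            # A literal here makes the config file itself a secret store.
            if value and not ENV_REFERENCE.match(str(value)):
                findings.append((server, "literal-secret", key))
    return findings


def pinned_config(config_text: str, versions: dict) -> str:
    """Rewrite npx package specs to the reviewed exact versions in `versions` (name -> version)."""
    config = json.loads(config_text)
    for entry in config.get("mcpServers", {}).values():
        if entry.get("command") != "npx":
            continue
        args = entry.get("args", [])
        for i, arg in enumerate(args):
            if not arg.startswith("-"):
                name, _ = split_spec(arg)
                if name in versions:
                    args[i] = pin_package(arg, versions[name])
                break
    return json.dumps(config, indent=2)


def api_key_from_env(environ=None) -> str:
    """Read the management key from the process environment instead of a config file."""
    environ = os.environ if environ is None else environ
    key = environ.get("MANAGEMENT_BRAIN_API_KEY", "").strip()
    if not key:
        raise RuntimeError("MANAGEMENT_BRAIN_API_KEY is not set; export it or load it from a secrets manager")
    return key


if __name__ == "__main__":
    for finding in lint_mcp_servers(SAMPLE_MCP_CONFIG):
        print(finding)
    # 1.4.2 is a placeholder for whatever version your own review approved.
    print(pinned_config(SAMPLE_MCP_CONFIG, {"@tonykk/management-brain-mcp": "1.4.2"}))
```

Pinning fixes the version string but not its contents, so pair it with a check of the package's publisher and a lockfile or checksum in the controlled update process; the key should reach the MCP process through the environment or a secrets manager, and the config file should be kept out of source control either way.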