📦 Chief Of Staff — 高管参谋
v2.1.1CEO 级智能协调层,将创始人问题路由至对应顾问角色,触发多角色董事会会议处理复杂决策,并综合各方意见给出可执行方案。
0· 387·2 当前·2 累计
by 下载技能包
最后更新
2026/4/22
安全扫描
OpenClaw
可疑
medium confidenceThe skill's behavior (automatically loading company context, invoking many other skills, and writing a decision log to a hard-coded home path) is coherent with a 'chief of staff' role but the SKILL.md omits important detail about what context it reads, which files/skills have access, and where persistent data is stored — this lack of transparency could expose sensitive data or cause unexpected persistence.
评估建议
This skill looks like a reasonable C-suite orchestrator, but it leaves out important operational details. Before installing, ask the skill author or registry owner: (1) exactly what 'company context' sources the context-engine reads (files, cloud storage, integrated services, environment variables), and whether those reads require your explicit permission; (2) whether the decision log path (~/.claude/decision-log.md) can be configured, encrypted, or disabled, and what retention/access controls a...详细分析 ▾
ℹ 用途与能力
The declared purpose (routing founder questions to advisor roles, synthesizing outputs, tracking decisions) matches what the instructions describe: routing rules, role registry, synthesis framework, and a decision log. Requiring invocation of many complementary skills is expected for an orchestration layer. However, the skill claims to 'load company context automatically' but does not declare what sources that entails (files, vaults, or APIs) or any required permissions — that omission reduces transparency.
⚠ 指令范围
The runtime instructions direct the agent to read/write persistent state at a hard-coded user path (~/.claude/decision-log.md) and to 'load company context via context-engine skill' on every interaction. The skill does not declare or document which context sources the context-engine will access, nor does it declare the decision-log path in a requires/configs section. Any instruction that automatically reads company context or writes persistent logs should explicitly list the sources/paths and expected data sensitivity; the SKILL.md does not.
✓ 安装机制
Instruction-only skill with no install spec or code files. This is low-risk from an install/runtime-code perspective (nothing is downloaded or executed outside the agent).
ℹ 凭证需求
The skill declares no required environment variables or credentials, which is proportionate. However, it invokes up to 28 complementary skills (context-engine, role skills, board-meeting, decision-logger, etc.). Those downstream skills may require credentials or access to sensitive systems. The SKILL.md does not enumerate dependencies' permission needs or warn the user, so installing this orchestrator implicitly grants broad cross-skill invocation without transparency.
⚠ 持久化与权限
The skill instructs writing decisions to ~/.claude/decision-log.md (persistent user home file) and to read review dates at session start. Persisting company decisions and automatically reading that file each session is sensible for a decision tracker, but the hard-coded path and lack of opt-in/consent or rotation/retention policy is concerning. The skill is not 'always: true', and it doesn't request system-wide config changes, but the persistent file could leak sensitive decision data or be surprising to users who expect ephemeral behavior.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv2.1.12026/3/5
v2.1.1: optimization, reference splits
● 可疑
安装命令
点击复制官方npx clawhub@latest install chief-of-staff
镜像加速npx clawhub@latest install chief-of-staff --registry https://cn.longxiaskill.com