Scan Report
5 /100
one-person-company-os
AI-era solo company operating system with round-based execution and stage management
This is a legitimate business-process automation skill for managing solo company operations. All code functionality is properly declared in SKILL.md with no hidden malicious behavior detected.
Safe to install
This skill is safe to use. No security concerns were identified. All subprocess usage is for legitimate purposes (Python version probing and package installation) and is fully documented.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | WRITE | WRITE | ✓ Aligned | SKILL.md declares workspace creation; scripts write to user-specified directorie… |
| Shell | WRITE | WRITE | ✓ Aligned | ensure_python_runtime.py:200 runs package managers (apt-get, brew, etc.) with su… |
| Network | NONE | NONE | — | No external HTTP requests; URLs in code are XML schema namespaces for DOCX gener… |
| Environment | READ | READ | ✓ Aligned | probe_python() reads sys.executable and version info only |
| Skill Invoke | READ | READ | ✓ Aligned | Skill invokes other local scripts as documented in SKILL.md |
| Clipboard | NONE | NONE | — | No clipboard access detected |
| Browser | NONE | NONE | — | No browser automation detected |
| Database | NONE | NONE | — | No database access detected |
29 findings
Medium External URL 外部 URL
https://clawhub.ai/api/v1/download?slug=one-person-company-os&version=0.5.7 PUBLISHING.md:98 Medium External URL 外部 URL
https://clawhub.ai/skills/one-person-company-os release/platform-check-2026-04-02.md:34 Medium External URL 外部 URL
https://clawhub.ai/living-hi/one-person-company-os release/platform-check-2026-04-02.md:35 Medium External URL 外部 URL
http://schemas.openxmlformats.org/package/2006/content-types scripts/common.py:342 Medium External URL 外部 URL
http://schemas.openxmlformats.org/package/2006/relationships scripts/common.py:355 Medium External URL 外部 URL
http://schemas.openxmlformats.org/officeDocument/2006/relationships/officeDocument scripts/common.py:356 Medium External URL 外部 URL
http://schemas.openxmlformats.org/package/2006/relationships/metadata/core-properties scripts/common.py:357 Medium External URL 外部 URL
http://schemas.openxmlformats.org/officeDocument/2006/relationships/extended-properties scripts/common.py:358 Medium External URL 外部 URL
http://schemas.openxmlformats.org/officeDocument/2006/relationships/styles scripts/common.py:366 Medium External URL 外部 URL
http://schemas.openxmlformats.org/wordprocessingml/2006/main scripts/common.py:373 Medium External URL 外部 URL
http://schemas.openxmlformats.org/officeDocument/2006/extended-properties scripts/common.py:417 Medium External URL 外部 URL
http://schemas.openxmlformats.org/officeDocument/2006/docPropsVTypes scripts/common.py:418 Medium External URL 外部 URL
http://schemas.openxmlformats.org/package/2006/metadata/core-properties scripts/common.py:428 Medium External URL 外部 URL
http://purl.org/dc/elements/1.1/ scripts/common.py:429 Medium External URL 外部 URL
http://purl.org/dc/terms/ scripts/common.py:430 Medium External URL 外部 URL
http://purl.org/dc/dcmitype/ scripts/common.py:431 Medium External URL 外部 URL
http://www.w3.org/2001/XMLSchema-instance scripts/common.py:432 Medium External URL 外部 URL
http://schemas.microsoft.com/office/word/2010/wordprocessingCanvas\ scripts/common.py:480 Medium External URL 外部 URL
http://schemas.openxmlformats.org/markup-compatibility/2006\ scripts/common.py:481 Medium External URL 外部 URL
http://schemas.openxmlformats.org/officeDocument/2006/relationships\ scripts/common.py:483 Medium External URL 外部 URL
http://schemas.openxmlformats.org/officeDocument/2006/math\ scripts/common.py:484 Medium External URL 外部 URL
http://schemas.microsoft.com/office/word/2010/wordprocessingDrawing\ scripts/common.py:486 Medium External URL 外部 URL
http://schemas.openxmlformats.org/drawingml/2006/wordprocessingDrawing\ scripts/common.py:487 Medium External URL 外部 URL
http://schemas.openxmlformats.org/wordprocessingml/2006/main\ scripts/common.py:489 Medium External URL 外部 URL
http://schemas.microsoft.com/office/word/2010/wordml\ scripts/common.py:490 Medium External URL 外部 URL
http://schemas.microsoft.com/office/word/2010/wordprocessingGroup\ scripts/common.py:491 Medium External URL 外部 URL
http://schemas.microsoft.com/office/word/2010/wordprocessingInk\ scripts/common.py:492 Medium External URL 外部 URL
http://schemas.microsoft.com/office/2006/wordml\ scripts/common.py:493 Medium External URL 外部 URL
http://schemas.microsoft.com/office/word/2010/wordprocessingShape\ scripts/common.py:494 File Tree
107 files · 390.4 KB · 10310 lines Python 13f · 5331L
Markdown 75f · 4402L
JSON 14f · 573L
YAML 1f · 4L
├─
▾
agents
│ ├─
▾
roles
│ │ ├─
control-tower.json
JSON
│ │ ├─
customer-success.json
JSON
│ │ ├─
data-analyst.json
JSON
│ │ ├─
designer.json
JSON
│ │ ├─
devops-sre.json
JSON
│ │ ├─
engineer-tech-lead.json
JSON
│ │ ├─
finance.json
JSON
│ │ ├─
founder-ceo.json
JSON
│ │ ├─
growth-sales.json
JSON
│ │ ├─
legal-compliance.json
JSON
│ │ ├─
product-strategist.json
JSON
│ │ └─
qa-reliability.json
JSON
│ └─
openai.yaml
YAML
├─
▾
assets
│ ├─
▾
examples
│ │ └─
▾
zh-round-mode
│ │ ├─
00-公司总览.md
Markdown
│ │ ├─
01-当前回合.md
Markdown
│ │ ├─
02-校准记录.md
Markdown
│ │ └─
03-阶段切换记录.md
Markdown
│ └─
▾
templates
│ ├─
artifact-delivery-index-template.md
Markdown
│ ├─
artifact-deployment-template.md
Markdown
│ ├─
artifact-docx-ready-template.md
Markdown
│ ├─
artifact-growth-template.md
Markdown
│ ├─
artifact-internal-draft-template.md
Markdown
│ ├─
artifact-launch-feedback-template.md
Markdown
│ ├─
artifact-non-software-delivery-template.md
Markdown
│ ├─
artifact-output-guide-template.md
Markdown
│ ├─
artifact-production-template.md
Markdown
│ ├─
artifact-quality-template.md
Markdown
│ ├─
artifact-software-delivery-template.md
Markdown
│ ├─
artifact-standard-spec-template.md
Markdown
│ ├─
artifact-validate-evidence-template.md
Markdown
│ ├─
bootstrap-flow-template.md
Markdown
│ ├─
calibration-flow-template.md
Markdown
│ ├─
calibration-rules-template.md
Markdown
│ ├─
company-overview-template.md
Markdown
│ ├─
current-round-template.md
Markdown
│ ├─
current-stage-deliverable-template.md
Markdown
│ ├─
current-stage-template.md
Markdown
│ ├─
execution-rules-template.md
Markdown
│ ├─
organization-template.md
Markdown
│ ├─
product-positioning-template.md
Markdown
│ ├─
reminder-rules-template.md
Markdown
│ ├─
role-brief-template.md
Markdown
│ ├─
role-index-template.md
Markdown
│ ├─
round-flow-template.md
Markdown
│ ├─
scheduler-spec-template.md
Markdown
│ ├─
stage-flow-template.md
Markdown
│ └─
stage-role-deliverable-matrix-template.md
Markdown
├─
▾
orchestration
│ ├─
handoff-schema.json
JSON
│ └─
stage-defaults.json
JSON
├─
▾
references
│ ├─
bootstrap-playbook.md
Markdown
│ ├─
calibration-playbook.md
Markdown
│ ├─
chinese-workspace-conventions.md
Markdown
│ ├─
openclaw-runtime.md
Markdown
│ ├─
round-execution-playbook.md
Markdown
│ └─
stage-transition-playbook.md
Markdown
├─
▾
release
│ ├─
▾
assets
│ │ ├─
company-overview-preview.svg
│ │ ├─
repo-social-card.svg
│ │ ├─
round-preview.svg
│ │ └─
workspace-preview.svg
│ ├─
clawhub-listing.md
Markdown
│ ├─
first-run-ux-test-2026-04-02.md
Markdown
│ ├─
github-announcement.md
Markdown
│ ├─
media-kit.md
Markdown
│ ├─
platform-check-2026-04-02.md
Markdown
│ ├─
README.md
Markdown
│ ├─
README.zh-CN.md
Markdown
│ ├─
release-checklist.md
Markdown
│ ├─
sample-outputs.md
Markdown
│ ├─
social-posts.md
Markdown
│ ├─
taglines.md
Markdown
│ ├─
v0.3.0-github-release.md
Markdown
│ ├─
v0.3.3-github-release.md
Markdown
│ ├─
v0.4.0-github-release.md
Markdown
│ ├─
v0.5.0-github-release.md
Markdown
│ ├─
v0.5.1-github-release.md
Markdown
│ ├─
v0.5.2-github-release.md
Markdown
│ ├─
v0.5.3-github-release.md
Markdown
│ ├─
v0.5.4-github-release.md
Markdown
│ ├─
v0.5.5-github-release.md
Markdown
│ ├─
v0.5.6-github-release.md
Markdown
│ └─
v0.5.7-github-release.md
Markdown
├─
▾
scripts
│ ├─
build_agent_brief.py
Python
│ ├─
calibrate_round.py
Python
│ ├─
checkpoint_save.py
Python
│ ├─
common.py
Python
│ ├─
ensure_python_runtime.py
Python
│ ├─
generate_artifact_document.py
Python
│ ├─
init_company.py
Python
│ ├─
localization.py
Python
│ ├─
preflight_check.py
Python
│ ├─
start_round.py
Python
│ ├─
transition_stage.py
Python
│ ├─
update_round.py
Python
│ └─
validate_release.py
Python
├─
AGENTS.md
Markdown
├─
CHANGELOG.md
Markdown
├─
CLAUDE.md
Markdown
├─
CONTRIBUTING.md
Markdown
├─
GUIDE.md
Markdown
├─
GUIDE.zh-CN.md
Markdown
├─
PUBLISHING.md
Markdown
├─
README.md
Markdown
├─
README.zh-CN.md
Markdown
├─
RELEASE-NOTES.md
Markdown
├─
SAMPLE-OUTPUTS.md
Markdown
├─
SECURITY.md
Markdown
└─
SKILL.md
Markdown
Security Positives
✓ SKILL.md is comprehensive (509 lines) and declares all scripts, execution modes, and capabilities
✓ All subprocess calls are legitimate: Python version probing, package installation (brew/apt-get/winget), and test execution
✓ No credential harvesting or sensitive file access (~/.ssh, ~/.aws, .env, api_key, password, token)
✓ No external C2 communication or data exfiltration
✓ No base64-encoded execution, eval(), exec(), or __import__() abuse
✓ No hidden functionality in HTML comments or obfuscated code
✓ No remote script execution (curl|bash, wget|sh)
✓ No supply chain risks: no unpinned dependencies, no third-party packages required
✓ Clear separation between script execution (Mode A), manual persistence (Mode B), and chat-only (Mode C)
✓ Confirmation boundaries documented for high-risk actions