扫描报告
5 /100
one-person-company-os
AI-era solo company operating system with round-based execution and stage management
This is a legitimate business-process automation skill for managing solo company operations. All code functionality is properly declared in SKILL.md with no hidden malicious behavior detected.
可以安装
This skill is safe to use. No security concerns were identified. All subprocess usage is for legitimate purposes (Python version probing and package installation) and is fully documented.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | WRITE | WRITE | ✓ 一致 | SKILL.md declares workspace creation; scripts write to user-specified directorie… |
| 命令执行 | WRITE | WRITE | ✓ 一致 | ensure_python_runtime.py:200 runs package managers (apt-get, brew, etc.) with su… |
| 网络访问 | NONE | NONE | — | No external HTTP requests; URLs in code are XML schema namespaces for DOCX gener… |
| 环境变量 | READ | READ | ✓ 一致 | probe_python() reads sys.executable and version info only |
| 技能调用 | READ | READ | ✓ 一致 | Skill invokes other local scripts as documented in SKILL.md |
| 剪贴板 | NONE | NONE | — | No clipboard access detected |
| 浏览器 | NONE | NONE | — | No browser automation detected |
| 数据库 | NONE | NONE | — | No database access detected |
29 项发现
中危 外部 URL 外部 URL
https://clawhub.ai/api/v1/download?slug=one-person-company-os&version=0.5.7 PUBLISHING.md:98 中危 外部 URL 外部 URL
https://clawhub.ai/skills/one-person-company-os release/platform-check-2026-04-02.md:34 中危 外部 URL 外部 URL
https://clawhub.ai/living-hi/one-person-company-os release/platform-check-2026-04-02.md:35 中危 外部 URL 外部 URL
http://schemas.openxmlformats.org/package/2006/content-types scripts/common.py:342 中危 外部 URL 外部 URL
http://schemas.openxmlformats.org/package/2006/relationships scripts/common.py:355 中危 外部 URL 外部 URL
http://schemas.openxmlformats.org/officeDocument/2006/relationships/officeDocument scripts/common.py:356 中危 外部 URL 外部 URL
http://schemas.openxmlformats.org/package/2006/relationships/metadata/core-properties scripts/common.py:357 中危 外部 URL 外部 URL
http://schemas.openxmlformats.org/officeDocument/2006/relationships/extended-properties scripts/common.py:358 中危 外部 URL 外部 URL
http://schemas.openxmlformats.org/officeDocument/2006/relationships/styles scripts/common.py:366 中危 外部 URL 外部 URL
http://schemas.openxmlformats.org/wordprocessingml/2006/main scripts/common.py:373 中危 外部 URL 外部 URL
http://schemas.openxmlformats.org/officeDocument/2006/extended-properties scripts/common.py:417 中危 外部 URL 外部 URL
http://schemas.openxmlformats.org/officeDocument/2006/docPropsVTypes scripts/common.py:418 中危 外部 URL 外部 URL
http://schemas.openxmlformats.org/package/2006/metadata/core-properties scripts/common.py:428 中危 外部 URL 外部 URL
http://purl.org/dc/elements/1.1/ scripts/common.py:429 中危 外部 URL 外部 URL
http://purl.org/dc/terms/ scripts/common.py:430 中危 外部 URL 外部 URL
http://purl.org/dc/dcmitype/ scripts/common.py:431 中危 外部 URL 外部 URL
http://www.w3.org/2001/XMLSchema-instance scripts/common.py:432 中危 外部 URL 外部 URL
http://schemas.microsoft.com/office/word/2010/wordprocessingCanvas\ scripts/common.py:480 中危 外部 URL 外部 URL
http://schemas.openxmlformats.org/markup-compatibility/2006\ scripts/common.py:481 中危 外部 URL 外部 URL
http://schemas.openxmlformats.org/officeDocument/2006/relationships\ scripts/common.py:483 中危 外部 URL 外部 URL
http://schemas.openxmlformats.org/officeDocument/2006/math\ scripts/common.py:484 中危 外部 URL 外部 URL
http://schemas.microsoft.com/office/word/2010/wordprocessingDrawing\ scripts/common.py:486 中危 外部 URL 外部 URL
http://schemas.openxmlformats.org/drawingml/2006/wordprocessingDrawing\ scripts/common.py:487 中危 外部 URL 外部 URL
http://schemas.openxmlformats.org/wordprocessingml/2006/main\ scripts/common.py:489 中危 外部 URL 外部 URL
http://schemas.microsoft.com/office/word/2010/wordml\ scripts/common.py:490 中危 外部 URL 外部 URL
http://schemas.microsoft.com/office/word/2010/wordprocessingGroup\ scripts/common.py:491 中危 外部 URL 外部 URL
http://schemas.microsoft.com/office/word/2010/wordprocessingInk\ scripts/common.py:492 中危 外部 URL 外部 URL
http://schemas.microsoft.com/office/2006/wordml\ scripts/common.py:493 中危 外部 URL 外部 URL
http://schemas.microsoft.com/office/word/2010/wordprocessingShape\ scripts/common.py:494 目录结构
107 文件 · 390.4 KB · 10310 行 Python 13f · 5331L
Markdown 75f · 4402L
JSON 14f · 573L
YAML 1f · 4L
├─
▾
agents
│ ├─
▾
roles
│ │ ├─
control-tower.json
JSON
│ │ ├─
customer-success.json
JSON
│ │ ├─
data-analyst.json
JSON
│ │ ├─
designer.json
JSON
│ │ ├─
devops-sre.json
JSON
│ │ ├─
engineer-tech-lead.json
JSON
│ │ ├─
finance.json
JSON
│ │ ├─
founder-ceo.json
JSON
│ │ ├─
growth-sales.json
JSON
│ │ ├─
legal-compliance.json
JSON
│ │ ├─
product-strategist.json
JSON
│ │ └─
qa-reliability.json
JSON
│ └─
openai.yaml
YAML
├─
▾
assets
│ ├─
▾
examples
│ │ └─
▾
zh-round-mode
│ │ ├─
00-公司总览.md
Markdown
│ │ ├─
01-当前回合.md
Markdown
│ │ ├─
02-校准记录.md
Markdown
│ │ └─
03-阶段切换记录.md
Markdown
│ └─
▾
templates
│ ├─
artifact-delivery-index-template.md
Markdown
│ ├─
artifact-deployment-template.md
Markdown
│ ├─
artifact-docx-ready-template.md
Markdown
│ ├─
artifact-growth-template.md
Markdown
│ ├─
artifact-internal-draft-template.md
Markdown
│ ├─
artifact-launch-feedback-template.md
Markdown
│ ├─
artifact-non-software-delivery-template.md
Markdown
│ ├─
artifact-output-guide-template.md
Markdown
│ ├─
artifact-production-template.md
Markdown
│ ├─
artifact-quality-template.md
Markdown
│ ├─
artifact-software-delivery-template.md
Markdown
│ ├─
artifact-standard-spec-template.md
Markdown
│ ├─
artifact-validate-evidence-template.md
Markdown
│ ├─
bootstrap-flow-template.md
Markdown
│ ├─
calibration-flow-template.md
Markdown
│ ├─
calibration-rules-template.md
Markdown
│ ├─
company-overview-template.md
Markdown
│ ├─
current-round-template.md
Markdown
│ ├─
current-stage-deliverable-template.md
Markdown
│ ├─
current-stage-template.md
Markdown
│ ├─
execution-rules-template.md
Markdown
│ ├─
organization-template.md
Markdown
│ ├─
product-positioning-template.md
Markdown
│ ├─
reminder-rules-template.md
Markdown
│ ├─
role-brief-template.md
Markdown
│ ├─
role-index-template.md
Markdown
│ ├─
round-flow-template.md
Markdown
│ ├─
scheduler-spec-template.md
Markdown
│ ├─
stage-flow-template.md
Markdown
│ └─
stage-role-deliverable-matrix-template.md
Markdown
├─
▾
orchestration
│ ├─
handoff-schema.json
JSON
│ └─
stage-defaults.json
JSON
├─
▾
references
│ ├─
bootstrap-playbook.md
Markdown
│ ├─
calibration-playbook.md
Markdown
│ ├─
chinese-workspace-conventions.md
Markdown
│ ├─
openclaw-runtime.md
Markdown
│ ├─
round-execution-playbook.md
Markdown
│ └─
stage-transition-playbook.md
Markdown
├─
▾
release
│ ├─
▾
assets
│ │ ├─
company-overview-preview.svg
│ │ ├─
repo-social-card.svg
│ │ ├─
round-preview.svg
│ │ └─
workspace-preview.svg
│ ├─
clawhub-listing.md
Markdown
│ ├─
first-run-ux-test-2026-04-02.md
Markdown
│ ├─
github-announcement.md
Markdown
│ ├─
media-kit.md
Markdown
│ ├─
platform-check-2026-04-02.md
Markdown
│ ├─
README.md
Markdown
│ ├─
README.zh-CN.md
Markdown
│ ├─
release-checklist.md
Markdown
│ ├─
sample-outputs.md
Markdown
│ ├─
social-posts.md
Markdown
│ ├─
taglines.md
Markdown
│ ├─
v0.3.0-github-release.md
Markdown
│ ├─
v0.3.3-github-release.md
Markdown
│ ├─
v0.4.0-github-release.md
Markdown
│ ├─
v0.5.0-github-release.md
Markdown
│ ├─
v0.5.1-github-release.md
Markdown
│ ├─
v0.5.2-github-release.md
Markdown
│ ├─
v0.5.3-github-release.md
Markdown
│ ├─
v0.5.4-github-release.md
Markdown
│ ├─
v0.5.5-github-release.md
Markdown
│ ├─
v0.5.6-github-release.md
Markdown
│ └─
v0.5.7-github-release.md
Markdown
├─
▾
scripts
│ ├─
build_agent_brief.py
Python
│ ├─
calibrate_round.py
Python
│ ├─
checkpoint_save.py
Python
│ ├─
common.py
Python
│ ├─
ensure_python_runtime.py
Python
│ ├─
generate_artifact_document.py
Python
│ ├─
init_company.py
Python
│ ├─
localization.py
Python
│ ├─
preflight_check.py
Python
│ ├─
start_round.py
Python
│ ├─
transition_stage.py
Python
│ ├─
update_round.py
Python
│ └─
validate_release.py
Python
├─
AGENTS.md
Markdown
├─
CHANGELOG.md
Markdown
├─
CLAUDE.md
Markdown
├─
CONTRIBUTING.md
Markdown
├─
GUIDE.md
Markdown
├─
GUIDE.zh-CN.md
Markdown
├─
PUBLISHING.md
Markdown
├─
README.md
Markdown
├─
README.zh-CN.md
Markdown
├─
RELEASE-NOTES.md
Markdown
├─
SAMPLE-OUTPUTS.md
Markdown
├─
SECURITY.md
Markdown
└─
SKILL.md
Markdown
安全亮点
✓ SKILL.md is comprehensive (509 lines) and declares all scripts, execution modes, and capabilities
✓ All subprocess calls are legitimate: Python version probing, package installation (brew/apt-get/winget), and test execution
✓ No credential harvesting or sensitive file access (~/.ssh, ~/.aws, .env, api_key, password, token)
✓ No external C2 communication or data exfiltration
✓ No base64-encoded execution, eval(), exec(), or __import__() abuse
✓ No hidden functionality in HTML comments or obfuscated code
✓ No remote script execution (curl|bash, wget|sh)
✓ No supply chain risks: no unpinned dependencies, no third-party packages required
✓ Clear separation between script execution (Mode A), manual persistence (Mode B), and chat-only (Mode C)
✓ Confirmation boundaries documented for high-risk actions