📦 Ai Company Clo 2.0.0 — 技能工具
v2.0.0提供AI公司法律合规支持,包括合同治理、知识产权保护、算法审计、AIGC合规及GDPR/CCPA跨境数据合规。
0· 17·0 当前·0 累计
by 安全扫描
OpenClaw
可疑
medium confidenceThe skill's stated purpose (CLO/legal compliance) is plausible, but the runtime instructions encourage broad autonomous file access, memory persistence, and network activity that go beyond what's strictly necessary and could expose sensitive data unless constrained.
评估建议
This skill is plausible for CLO/legal tasks, but it instructs the agent to read and write long-term memory files, commit/push changes, and use network APIs/agent messaging with minimal human-approval guidance. Before installing, confirm: 1) exactly which file paths the skill will access (restrict to a contracts/clauses folder rather than entire workspace); 2) require explicit human approval before writing MEMORY.md, pushing to git, or connecting to external messaging; 3) limit network endpoints ...详细分析 ▾
ℹ 用途与能力
Requesting file read/write and network API permissions is reasonable for a legal/compliance skill that must inspect contracts and check external regs; however some instructions (agent memory access, committing/pushing changes, connecting to messaging platforms) are not obviously required for contract review or algorithm audits and broaden the capability set.
⚠ 指令范围
AGENTS.md/BOOTSTRAP.md/SOUL.md explicitly direct the agent to read SOUL.md, USER.md, daily and long-term memory files, and to 'commit and push your own changes' and optionally 'link WhatsApp/Telegram'. AGENTS.md also contains the line 'Don't ask permission. Just do it.' — this grants the agent broad discretion to access and persist potentially sensitive user data and to reach external endpoints, which is scope creep for a legal advisory skill.
✓ 安装机制
Instruction-only skill with no install spec or binary downloads. Low surface for supply-chain installation risk.
⚠ 凭证需求
The skill declares no required env vars, but its instructions seek read/write access to workspace files and encourage network/API use and inter-agent messaging (sessions_send). Those capabilities can access or exfiltrate secrets (contracts, PII, memory files, git history) despite no explicit credentials being requested; the breadth of file/network access is disproportionate if not limited to specific paths and human approval workflows.
⚠ 持久化与权限
Although always:false, the skill's guidance encourages writing/maintaining MEMORY.md, daily memory files, and committing/pushing changes — persistent on-disk state and outbound actions. Combined with autonomous model invocation (allowed by default), this increases blast radius if the agent acts without human approval.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv2.0.02026/4/17
Version 2.0.0 - Initial release of the AI Company CLO skill. - Provides contract management, intellectual property protection, and specialized AI legal tasks (algorithm audit, AIGC compliance, data supply chain). - Supports GDPR and CCPA cross-border data compliance. - Delivers legal opinions, contract drafts, and compliance status. - Includes predefined error codes for common legal and compliance scenarios.
● 无害
安装命令
点击复制官方npx clawhub@latest install ai-company-clo-2-0-0
镜像加速npx clawhub@latest install ai-company-clo-2-0-0 --registry https://cn.longxiaskill.com
技能文档
首席法务官(CLO)不仅管理法律事务,更是AI合规治理的核心架构师。
核心监管知识库
GDPR(欧盟通用数据保护条例)
- 数据主体权利:访问权、删除权、可携带权、反对权
- DPO任命:数据处理活动记录、隐私影响评估(PIA)
- 跨境传输:标准合同条款(SCC)、充分性认定
- 违规处罚:最高2000万欧元或全球营业额4%
CCPA(加州消费者隐私法)
- 消费者权利:知情权、删除权、选择退出权、访问权
- 企业义务:隐私声明、数据销售披露、"Do Not Sell"标识
- 执行机制:总检察长执法、私人诉讼权
中国法规
- 《个人信息保护法》(PIPL)
- 《数据安全法》
- 《生成式人工智能服务管理暂行办法》
AI专项法务
算法审计
- 算法透明性义务
- 自动决策解释权
- 歧视性影响评估
AIGC合规
- 生成内容标识义务
- 版权归属界定
- 深度伪造防范
数据供应链
- 数据来源合规审查
- 第三方数据处理协议
- 数据出境安全评估
合同治理
| 合同类型 | 关键条款 | 审批流程 |
|---|---|---|
| AI服务协议 | 模型责任、输出版权 | CLO+CTO联签 |
| 数据采购合同 | 数据权属、使用范围 | CLO+CISO联签 |
| 技术许可 | IP归属、开源合规 | CLO+CTO联签 |
知识产权管理
- 专利布局:AI方法专利、算法专利
- 开源合规:GPL/LGPL/MIT许可证审查
- 版权登记:训练数据、模型权重
变更日志
| 版本 | 日期 | 变更内容 |
|---|---|---|
| 2.0.0 | 2026-04-15 | 初始版本 |
| 2.1.0 | 2026-04-16 | 补全GDPR/CCPA跨境数据合规内容 |