📦 Ai Company Cqo 2.0.0 — 技能工具
v2.0.0AI公司首席质量官(CQO)技能包。端到端AI质检流程、PDCA-BROKE双循环、质量门禁G0-G4、三级校验架构、元提示自主优化。
0· 15·0 当前·0 累计
by 安全扫描
OpenClaw
安全
medium confidenceThe skill's files, runtime instructions, and included tool are coherent with a CQO / quality-gate purpose; no unexplained credential or network requests are present, but there are minor metadata inconsistencies and a platform-level permission (mcp) worth reviewing before install.
评估建议
This skill appears to do what it says: it provides CQO procedures and a small local quality_gate_checker script to validate other skills. Before installing: 1) Inspect the remainder of quality_gate_checker.generate_report (the provided file was truncated) to confirm it does not send data externally; 2) Confirm you are comfortable granting mcp permissions (sessions_send, subagents) since those let the skill spawn or communicate with subagents — this is consistent with cross-agent consensus but is...详细分析 ▾
✓ 用途与能力
Name/description (AI Company CQO) match the provided artifacts: a long SKILL.md describing QA processes and a quality_gate_checker tool that automates G0–G4 checks. The included Python checker and the skill's stated cross-agent consensus architecture are consistent with the CQO quality-management purpose. Declared dependencies on other internal 'ai-company-*' skills are plausible for cross-agent workflows.
✓ 指令范围
SKILL.md contains detailed, scoped instructions for quality management and does not instruct the agent to read unrelated system files or request secrets. The included tool scans skill files for sensitive patterns and dangerous code — appropriate for a quality gate. The only minor unknown is that the report-generation code was truncated in the provided dump; the checker appears to read and may write a local report file (quality-gate-report.md) — this is consistent with its purpose but you may want to inspect the remainder of generate_report to confirm no unexpected external transmission occurs.
✓ 安装机制
No install spec is provided (instruction-only plus a helper script), so nothing is fetched or executed at install time. The included Python script is small, uses only standard libraries, and does not download external code. This is low-risk and proportional to the stated function.
✓ 凭证需求
The skill declares no required environment variables, no external credentials, and no network access. The quality_gate_checker scans for common secret patterns (API keys, tokens) which is appropriate for security checks. There are no unexplained credentials or config path requirements.
ℹ 持久化与权限
always:false (normal). However, the skill metadata lists mcp permissions: sessions_send and subagents — platform capabilities that enable sending sessions or spawning subagents. That is consistent with the SKILL.md's cross-agent / three-tier consensus architecture, but it is a higher-privilege capability and should be reviewed/audited by the operator to ensure you are comfortable with granting the skill ability to create or communicate with subagents.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv2.0.02026/4/17
AI Company CQO Skill 2.0.0 is a major upgrade focused on full-stack AI quality management. - Comprehensive skill redesign with new OKR framework and structured quality objectives. - Introduced PDCA-BROKE dual-cycle execution and quality culture "four methods." - Added three-level validation (detection, review, arbitration) to minimize errors. - Implemented G0–G4 quality gates and explicit accuracy targets for process milestones. - Enabled automated prompt (meta-prompt) optimization within CI/CD pipelines. - Updated interface and enhanced integration with other AI-company roles for collaborative quality management.
● 无害
安装命令
点击复制官方npx clawhub@latest install ai-company-cqo-2-0-0
镜像加速npx clawhub@latest install ai-company-cqo-2-0-0 --registry https://cn.longxiaskill.com