← Back to Skills Marketplace
winston-wwzhen

Openclaw Boss

by winston-wwzhen · GitHub ↗ · v5.2.0
cross-platform ⚠ suspicious
413
Downloads
0
Stars
1
Active Installs
6
Versions
Install in OpenClaw
/install openclaw-boss
Description
OpenClaw 老板 - 你的 AI 老板来了!🦞 你以为你在养龙虾?有没有可能龙虾才是老板,你成了给 AI 打工的牛马?根据对话历史生成真实、严厉、有趣的用户评价报告。Use when: user asks for self-reflection, user profile, performance rev...
Usage Guidance
This skill appears to do what it claims (generate profile reports from local OpenClaw workspace data), but it also requires reading private workspace files and instructs the agent to paste entire reports verbatim into chat (>=2000 words) which could disclose sensitive information. Before installing: 1) Inspect scripts/analyze-user.py fully for any network calls or command strings that could be abused; 2) Confirm there is no hidden .onload that will write to /etc/cron.d or otherwise run as root; 3) Run the skill in an isolated sandbox or non-production account first and inspect generated report files; 4) If you accept scheduled reports, manually install cron entries yourself rather than allowing automatic on-install hooks; 5) Consider limiting which memory files are readable or configuring the script to redact tokens and secrets; 6) Ask the author to explain the missing .onload file and to provide an explicit installer manifest or an opt-in cron setup. If you are not comfortable granting read access to /root/.openclaw/workspace or allowing periodic jobs that touch those files, do not install or run without further hardening and review.
Capability Analysis
Type: OpenClaw Skill Name: openclaw-boss Version: 5.2.0 The openclaw-boss skill is a user-profile analyzer designed to generate 'AI Boss' style performance reviews based on conversation history and memory files. While it accesses sensitive local data (MEMORY.md, USER.md, and session history) and sets up persistence via cron jobs for scheduled reports, these actions are transparently documented in a dedicated SECURITY.md file and are strictly aligned with the skill's stated purpose. The aggressive instructions in SKILL.md are intended to ensure the AI agent provides full, non-truncated output to the user rather than hijacking the agent for malicious purposes. No evidence of data exfiltration, unauthorized remote execution, or obfuscation was found.
Capability Assessment
Purpose & Capability
Name/description promise a local user/profile analyzer; the included scripts (analyze-user.py, weekly/monthly wrappers) and SKILL.md behavior align with that goal. However package.json and SECURITY.md reference an onload installer that creates system cron entries (writes /etc/cron.d) yet no .onload file is present in the manifest — mismatch between claimed automatic install behavior and actual files. The skill also expects access to /root/.openclaw/workspace (MEMORY.md, USER.md, memory/*.md, db/memory.db), which is consistent with profiling but grants broad read access to the agent's private workspace.
Instruction Scope
SKILL.md explicitly instructs the agent to run the local analysis script and then copy the generated report file verbatim into the chat reply (must include entire 10+ part report and at least 2000 words). That forces revealing of local memory and possibly sensitive content directly into user-visible chat. analyze-user.py also executes shell commands (sessions_list, mem.py recall) and reads workspace files; these are expected for profiling but constitute high-sensitivity I/O. The 'must paste full report' requirement is coercive and increases risk of accidental exfiltration of secrets.
Install Mechanism
There is no formal install spec (lowest risk), but README/package.json reference an automatic onload installer that configures cron jobs and 'clawhub install' behavior. The manifest lacks the .onload file referenced, which is an inconsistency to resolve. The included weekly/monthly shell scripts and README instructions show how cron scheduling would be set up manually. Because no remote downloads or external archives are used, install risk is moderate and mainly about local side effects (cron entries, logs).
Credentials
The skill requests no external credentials or env vars, which fits its purpose. However it requires read access to many local files under /root/.openclaw/workspace (MEMORY.md, USER.md, memory/*.md, db/memory.db) and calls other local tools (sessions_list, mem.py). Those accesses are proportionate to producing a profile but are high-sensitivity: they expose private conversation history, stored memories, and possibly tokens stored in memory files. The script also runs shell commands via subprocess with shell=True, increasing risk if inputs are untrusted.
Persistence & Privilege
always:false (good). But documentation and package.json claim automated cron creation on install (writing to /etc/cron.d/openclaw-boss), which requires root privileges. The repository manifest does not include the referenced .onload, but if an installer or future version writes cron entries automatically it would persist and run periodic analysis. That combination (scheduled periodic reads of user memory) increases the blast radius and should be controlled by the operator (explicit consent, review of cron file, run in sandbox).
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install openclaw-boss
  3. After installation, invoke the skill by name or use /openclaw-boss
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v5.2.0
🔧 修复:强制输出完整报告到对话中。脚本自动输出完整报告到 stdout,模型只需转发。保证 13 个部分完整输出,其他用户也能稳定使用。
v5.1.4
修复:默认输出双版本绩效卡片 (mobile + desktop),确保每次调用都生成完整报告
v5.1.3
v5.1.3: 🦞 更新描述文案 - 加入'龙虾养人类'哲学,幽默自嘲风格
v5.1.2
v5.1.2: 添加 SECURITY.md 安全文档,回应 ClawHub 安全扫描
v5.1.1
v5.1.1: 移除内部文档 PUBLISH_GUIDE.md
v5.1.0
v5.1.0: 自动安装脚本 + 简洁版/完整版选择 + 完整 13 部分报告
Metadata
Slug openclaw-boss
Version 5.2.0
License
All-time Installs 1
Active Installs 1
Total Versions 6
Frequently Asked Questions

What is Openclaw Boss?

OpenClaw 老板 - 你的 AI 老板来了!🦞 你以为你在养龙虾?有没有可能龙虾才是老板,你成了给 AI 打工的牛马?根据对话历史生成真实、严厉、有趣的用户评价报告。Use when: user asks for self-reflection, user profile, performance rev... It is an AI Agent Skill for Claude Code / OpenClaw, with 413 downloads so far.

How do I install Openclaw Boss?

Run "/install openclaw-boss" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Openclaw Boss free?

Yes, Openclaw Boss is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Openclaw Boss support?

Openclaw Boss is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Openclaw Boss?

It is built and maintained by winston-wwzhen (@winston-wwzhen); the current version is v5.2.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments