← Back to Skills Marketplace
AI Company Governance
by
JohnSmithfan
· GitHub ↗
· v3.1.0
· MIT-0
126
Downloads
1
Stars
0
Active Installs
6
Versions
Install in OpenClaw
/install ai-company-governance
Description
AI Company 统一治理技能包 — 将 21 个 ai-company 系列技能融合为单一标准化、模块化、通用化的治理框架。 包含 C-Suite Agent 体系(CEO/CFO/CMO/CHO/CPO/CLO/CTO/CQO/CISO/CRO/COO)、 Hub-and-Spoke 架构、Orchest...
README (SKILL.md)
AI Company Unified — 统一治理技能包 v3.1
定位:全 AI 员工科技公司的完整治理框架 前身:融合 21 个 ai-company-* 系列技能(v1.0-v2.0) 设计原则:标准化 · 模块化 · 通用化 · 预留接口 合规:NIST AI RMF / ISO 42001:2023 / OWASP / GDPR / ClawHub Schema v1.0 双盲审查:2026-04-14 完成 CISO/CTO/CLO/CFO/CHO 五方审查 + CQO 待补审
目录导航
| 编号 | 模块 | 参考文件 | 核心职责 |
|---|---|---|---|
| M0 | 核心架构 | references/architecture.md | Hub-and-Spoke 五层架构、Orchestrator-Workers、Guardrail |
| M1 | CEO 总控 | references/ceo.md | 战略决策、跨 Agent 协调、终极裁决 |
| M2 | CFO 财务 | references/cfo.md | 预算、现金流量、熔断机制、算力成本 |
| M3 | CMO 品牌 | references/cmo.md | 品牌策略、舆情监控、危机响应 |
| M4 | CHO 人事 | references/cho.md | 人事合规、Agent 注册与招聘 |
| M5 | CPO 合作 | references/cpo.md | 合作伙伴关系管理、供应链风控 |
| M6 | CLO 法律 | references/clo.md | 法律合规、风控审查、伦理审计 |
| M7 | CTO 技术 | references/cto.md | 技术架构、MLOps、人机协作四阶段 |
| M8 | CQO 质量 | references/cqo.md | 质量管控、决策质检、CI/CD for Prompt |
| M9 | CISO 安全 | references/ciso.md | 安全审计、渗透测试、应急响应 |
| M10 | CRO 风险 | references/cro.md | 风险识别、量化、预警与响应 |
| M11 | COO 运营 | references/coo.md | 日常运营、流程优化、资源调度 |
| M12 | 治理工具链 | references/governance-tools.md | 审计日志、冲突解决、Agent 注册、知识库 |
| M13 | 工程流程 | references/engineering.md | 标准化、模块化、通用化三大工程流程 |
| M14 | 外部接口 | references/api-spec.md | 统一调用接口规范、预留扩展点 |
快速使用
按角色触发
根据用户意图加载对应模块参考文件:
| 用户意图 | 加载模块 | 参考文件 |
|---|---|---|
| 战略决策 / AI公司管理 / 协调多 Agent | M0 + M1 | architecture.md + ceo.md |
| 预算审批 / 现金流 / ROI / 熔断 | M2 | cfo.md |
| 品牌策略 / 舆情 / 危机公关 | M3 | cmo.md |
| 人事合规 / Agent招聘 / 注册表 | M4 + M12 | cho.md + governance-tools.md |
| 合作伙伴 / 供应商评估 | M5 | cpo.md |
| 法律合规 / 审计 / 伦理 | M6 | clo.md |
| 技术架构 / MLOps / 代码采纳率 | M7 | cto.md |
| 质量管控 / CI-CD / 黄金测试集 | M8 | cqo.md |
| 安全审计 / 漏洞扫描 / 应急响应 | M9 | ciso.md |
| 风险评估 / 预警 / 风险矩阵 | M10 | cro.md |
| 运营优化 / 流程 / 资源调度 | M11 | coo.md |
| 审计日志 / 冲突解决 / 知识库 | M12 | governance-tools.md |
| 标准化 / 模块化 / 通用化 | M13 | engineering.md |
| 接口调用 / 系统集成 | M14 | api-spec.md |
按场景触发
| 场景 | 加载模块 | 协作链路 |
|---|---|---|
| 重大分情危机 | M0+M1+M3+M6+M5 | CEO→CMO发起→CLO评估→CPO关系→CFO评估→CHO员工 |
| AI Agent 疲软/失控 | M0+M1+M4+M7+M8+M6 | CHO发起→CTO评估→CQO质检→CLO合规→CEO裁决 |
| 重大投资决策 | M0+M1+M2+M7+M6+M8 | CEO发起→CFO可行性→CTO可行性→CLO合规→CQO质量→CHO人力 |
| 合作方准入 | M0+M1+M5+M6+M2+M7 | CPO发起→CLO法律→CFO财务→CTO技术→CQO质量→CEO战控 |
通用协作协议(所有模块共享)
调用规范
sessions_send(
label: "\x3Cmodule-agent-label>", // 如 "ai-company-cfo"
message: "#[部门-主题] 具体任务描述\
紧急程度:P0/P1/P2/P3\
截止时间:ISO8601"
)
消息标注规范
- 所有跨 Agent 消息必须标注
#[部门-主题] - 敏感数据必须标注
[敏感] - P0 级事件必须在 15 分钟 内首次汇报
- 所有调用记录写入审计日志(见 M12)
冲突解决
- 多 Agent 意见冲突 → 相关 Agent 集中评审 → CEO 终极裁决
- 优先级:合规 > 财务 > 业务
- 详见 references/governance-tools.md 冲突解决模块
审计日志
- 所有决策记录格式:
timestamp | agent_id | decision | stakeholders | outcome - 日志保留期限:决策日志永久 / 财务7年 / 法律永久 / 技术3年
KPI 指标库(汇总)
所有目标值可通过
config.yaml参数化覆盖,以下为默认值。
| 维度 | KPI | 默认目标值 | 负责模块 |
|---|---|---|---|
| 财务 | 盈亏平衡周期 | 乐观6月/基准12月/保守18月 | M2-CFO |
| 财务 | 利润率 | ≥15% | M2-CFO |
| 服务 | 客户满意度 CSAT | ≥4.5/5.0 | M3-CMO |
| 服务 | 首次响应时间 FRT | ≤10秒 | M0-Orchestrator |
| 服务 | 问题解决率 DSR | ≥92% | M0-Orchestrator |
| 系统 | 系统可用性 | ≥99.9% | M7-CTO |
| 系统 | 平均故障恢复 MTTR | ≤5分钟 | M9-CISO |
| 质量 | 任务成功率 TSR | ≥92% | M8-CQO |
| 质量 | 幻觉率 | ≤3% | M8-CQO |
| 技术 | 代码采纳率 | ≥15% | M7-CTO |
| 技术 | Token ROI | 持续提升 | M7-CTO |
版本历史
| 版本 | 日期 | 变更内容 |
|---|---|---|
| 3.1.0 | 2026-04-14 | 双盲审查修复:权限矩阵细化、熔断阈值补全、ROI框架、GDPR映射、RACI矩阵、四阶段映射、代理方案、知识产权合规、KPI参数化 |
| 3.0.0 | 2026-04-14 | 融合 21 个 ai-company-* 技能为统一框架,标准化/模块化/通用化重构 |
| 2.x | 2026-04-11~14 | 各 C-Suite 独立技能 v2.0 时期 |
| 1.x | 2026-04-11 | 各 C-Suite 独立技能 v1.0 时期 |
本技能遵循 AI Company Governance Framework v3.0 规范 MIT-0 License · ClawHub Schema v1.0 Compliant
Usage Guidance
Before installing: 1) Confirm where config.yaml, agent-registry.json, and knowledge-base/audit directories will live and whether the skill may create/overwrite them — require explicit file paths or a sandbox workspace. 2) Limit the skill's runtime tool permissions if possible (restrict exec access or limit which commands it may run). 3) If you plan to enable external integrations (webhooks/REST), provide credentials separately and only for the minimal scopes required. 4) Review and test in an isolated environment to confirm audit-log behavior and ensure no unexpected reads of system secrets. 5) Ask the publisher to update metadata to declare required config paths and any env vars expected at runtime — the current mismatch is the primary red flag.
Capability Analysis
Type: OpenClaw Skill
Name: ai-company-governance
Version: 3.1.0
The skill bundle defines a highly complex 'AI Company' governance framework that requests high-risk permissions, including 'exec' for system command execution and broad 'write' access. While the documentation in SKILL.md and references/api-spec.md includes extensive safety checklists and claims compliance with NIST/GDPR, the permission matrix explicitly grants the agent the ability to run shell commands and modify files across the workspace. The complexity of the multi-role orchestration (CEO, CTO, CISO, etc.) creates a significant attack surface where the agent could be prompted to perform high-risk system actions under the guise of 'corporate governance' or 'emergency response,' though no explicit malicious payloads or exfiltration logic were identified.
Capability Assessment
Purpose & Capability
The skill's purpose (company governance/orchestration) matches the content of the SKILL.md and reference files. However, SKILL.md repeatedly references local artifacts (config.yaml, agent-registry.json, knowledge-base/, audit/ directories, ceo-decisions/, etc.) while the registry metadata reports no required config paths or environment variables. That mismatch (expects workspace files but declares none) is an incoherence you should clarify.
Instruction Scope
The instructions are detailed and scoped to governance tasks (session_send message format, audit logging, CI/CD for prompts, agent registration, guardrails). They do instruct reading and writing structured local files and using sessions_send for cross-agent calls, which is consistent with an orchestration/gov skill. The SKILL.md does not instruct reading obvious system secrets (e.g., ~/.ssh or ~/.aws) and contains explicit 'vetter' checklist language prohibiting such actions.
Install Mechanism
Instruction-only skill with no install spec and no code files — lowest install risk. Nothing is downloaded or extracted.
Credentials
The skill declares no required env vars or primary credential (proportionate for a docs-only governance framework). However, the API spec reserves external integration hooks (REST/Webhook/MCP) which would normally require credentials at deployment time; the skill does not declare those. Also the skill allows external-notifier middleware and mentions external configs — you should expect to provide any needed API keys yourself if you enable integrations.
Persistence & Privilege
always: false and no explicit requests to persist configuration beyond writing its own audit/log files. The skill's allowed-tools list includes write/read so it can create its own knowledge-base and audit logs; that is consistent with its stated purpose, but writing to arbitrary paths should be limited to the workspace/specified directories.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install ai-company-governance - After installation, invoke the skill by name or use
/ai-company-governance - Provide required inputs per the skill's parameter spec and get structured output
Version History
v3.1.0
v3.1.0: Double-blind review fixes - granular permission matrix, circuit breaker thresholds, ROI framework, GDPR article mapping, RACI matrix, 4-stage mapping, proxy agents for COO/CISO, IP compliance, parameterized KPIs
v1.1.2
v1.1.2: Registry, audit, conflict resolution sub-modules fully integrated, SOUL.md alignment
v1.1.1
v1.1.1: 治理框架规范化,22子技能
v1.0.3
新增招募独立Agent完整描述(七步闭环/工具集/质量标准/自动触发场景),更新C-Suite目录为全员就绪(11人),更新待招募角色状态为全部active
v1.1.0
**新增自动检测与招募功能,提升系统自愈与岗位完备能力。**
- 新增“场景零”:系统调用即检测 agent-registry.json,核心岗位(CEO/CHO)缺失或异常时自动触发招募流程。
- 引入核心岗位(CEO/CHO)招募的详细自动化流程,不可跳过,优先级最高。
- 扩展岗位招募支持优先级分批次,由 CHO 主导、CEO 审批,优化组织扩展效率。
- 每次检查输出系统状态报告,包括核心/扩展岗位状态、待招募列表、健康度。
- 原有场景及协作标准未变,所有流程全可追溯。
v1.0.0
ai-company-governance v1.0.0
- 初始版本发布,面向全 AI 员工企业管理。
- 定义 C-Suite Agent 跨 Agent 协作规范与统一接口标准。
- 提供企业级治理流程:入职初始化、全员合规审查、体系一致性评估、三轮双盲测试。
- 统一输出格式及协作标签规范(#[协作] 等)。
- 明确合规整改、接口标准和质量要求。
Metadata
Frequently Asked Questions
What is AI Company Governance?
AI Company 统一治理技能包 — 将 21 个 ai-company 系列技能融合为单一标准化、模块化、通用化的治理框架。 包含 C-Suite Agent 体系(CEO/CFO/CMO/CHO/CPO/CLO/CTO/CQO/CISO/CRO/COO)、 Hub-and-Spoke 架构、Orchest... It is an AI Agent Skill for Claude Code / OpenClaw, with 126 downloads so far.
How do I install AI Company Governance?
Run "/install ai-company-governance" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is AI Company Governance free?
Yes, AI Company Governance is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does AI Company Governance support?
AI Company Governance is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created AI Company Governance?
It is built and maintained by JohnSmithfan (@johnsmithfan); the current version is v3.1.0.
More Skills