← 返回 Skills 市场

AI Company Audit (EN)

Name: AI Company Audit (EN)
Author: johnsmithfan

作者 JohnSmithfan · GitHub ↗ · v1.0.0-en2 · MIT-0

cross-platform ✓ 安全检测通过

121

总下载

当前安装

版本数

在 OpenClaw 中安装

/install ai-company-audit

功能描述

跨Agentaudit日志standard。7类日志（决策/操作/错误/security/性能/访问/data）+ compliance检查点 + audittrackstandard，适配fully AI companygovernframework。

使用说明 (SKILL.md)

\r \r

Audit Logging Standard — audit日志standard\r

7类audit日志\r

\r | Log Type | Description | Retention |\r |----------|-------------|----------|\r | Decision | strategy/战术决策record | 2 years |\r | Action | Agent execute的操作 | 90 days |\r | Error | 系统异常和错误 | 90 days |\r | Security | authenticate/authorize/security incident | 2 years |\r | Performance | latency/吞吐量/KPI | 30 days |\r | Access | data访问record | 2 years |\r | Data | data变更历史 | 7 years |\r \r

Log Entry Schema\r

log_entry:\r
  timestamp: "ISO 8601 format (YYYY-MM-DDTHH:MM:SS.SSSZ)"\r
  agent_id: "e.g., CFO-001, CEO-001"\r
  log_type: "decision|action|error|security|performance|access|data"\r
  action: "string (what happened)"\r
  target: "string (affected resource/endpoint)"\r
  result: "success|failure|partial"\r
  duration_ms: 0\r
  metadata:\r
    task_id: "TASK-001"\r
    confidence: 0.95\r
    [敏感]: "redacted"\r
  trace_id: "uuid (for cross-agent correlation)"\r
```\r
\r
## Compliance Checkpoints\r
\r
| Checkpoint | Standard | Enforcement |\r
|-----------|---------|-------------|\r
| P0 SLA 达成 | 95% P0 event在 SLA 内完成 | CQO monitor |\r
| 敏感data标注 | 所有 PII 字段含 `[敏感]` 标注 | CISO audit |\r
| 跨 Agent audittrack | trace_id 贯穿完整调用链 | CTO 技术实现 |\r
| audit日志不可篡改 | append-only + hash chain | CTO 技术实现 |\r
| audit日志保留期 | 详见上表（7类）| CTO storestrategy |\r
\r
## P0 Incident Compliance\r
\r
| P0 standard | respond要求 | audit要求 |\r
|---------|---------|---------|\r
| respond时间 | 15 分钟内初始respond | 时间戳record |\r
| CEO 通报 | 立即通报 | 决策日志 |\r
| 根因analyze | 48 小时内完成 | analyzereport存档 |\r
| improve项 | 7 天内入 backlog | trackrecord |\r
\r
## Audit Log Storage Policy\r
\r
```yaml\r
storage_policy:\r
  format: "structured JSON (CloudWatch/Elasticsearch/Splunk compatible)"\r
  encryption: "AES-256-GCM at rest"\r
  replication: "3 copies across regions"\r
  access_control: "CQO + CISO read-only; CTO write-only"\r
  retention:\r
    decision: "2 years"\r
    security: "2 years"\r
    access: "2 years"\r
    performance: "30 days"\r
    action: "90 days"\r
    error: "90 days"\r
    data: "7 years"\r
```\r
\r
## Natural Language Commands\r
\r
```\r
"Audit all decisions this week" → Decision logs filtered by date range\r
"Check compliance for P0 SLAs" → P0 compliance report\r
"Review access logs for sensitive data" → Access log audit\r
"Export audit trail for INC-001" → Trace by trace_id\r
```\r

安全使用建议

This skill is a documentation/specification for audit logging and appears internally consistent. It will not perform actions or access your environment by itself. Before relying on it operationally: 1) confirm whether you need a separate implementation/connector (this skill is not an implementation); 2) review the declared dependent skills (ai-company-hq, ai-company-registry, ai-company-conflict) because those may implement runtime behavior or require credentials; 3) if you implement the storage/enforcement recommendations, ensure you provide and secure the necessary cloud credentials and concretely implement append-only, encryption, and access controls; and 4) validate retention and PII-handling rules against your legal/regulatory requirements.

功能分析

Type: OpenClaw Skill Name: ai-company-audit Version: 1.0.0-en2 The skill bundle defines a standardized auditing and logging framework for an AI-driven organization. It contains no executable code, scripts, or requested permissions (files, network, and commands are all empty), focusing entirely on defining log schemas, compliance checkpoints, and storage policies in SKILL.md.

能力评估

ℹ Purpose & Capability

The skill is presented as a cross-agent audit logging standard and only contains documentation/schema and NL command mappings. It references integration targets (CloudWatch/Elasticsearch/Splunk), encryption, replication, and enforcement roles, but does not request credentials or binaries — which is appropriate for a standards/specification artifact. If you expected a connector/implementation, that is not present.

✓ Instruction Scope

SKILL.md stays within the scope of a logging/compliance standard: it defines log types, a schema, retention policies, compliance checkpoints, and example NL commands. It does not instruct the agent to read local files, environment variables, or transmit data to external endpoints. A minor note: enforcement mechanisms (append-only hash chain, encryption, replication, access-control) are described at a policy level but no concrete implementation steps are provided.

✓ Install Mechanism

No install spec, no code, and no downloads — lowest-risk instruction-only skill.

✓ Credentials

The skill requires no environment variables, credentials, or config paths. It references cloud logging systems conceptually; this is reasonable for a spec. If you later integrate this standard with real storage backends, those connectors will need appropriate credentials (not included here).

✓ Persistence & Privilege

always:false and default invocation settings; the skill does not request persistent/system-level privileges or to modify other skills' configurations.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install ai-company-audit
安装完成后，直接呼叫该 Skill 的名称或使用 /ai-company-audit 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0-en2

Full body English translation

v1.0.0-en

English version

v1.0.0

Initial release: Decision logging and compliance audit trail

元数据

Slug ai-company-audit

版本 1.0.0-en2

许可证 MIT-0

累计安装 1

当前安装数 0

历史版本数 3

常见问题