功能描述

Your AI executive team on Discord. 7 specialists (engineering, finance, marketing, devops, legal, management, chief of staff) each with its own model and per...

使用说明 (SKILL.md)

Become CEO — Your AI Executive Team

Name: Become Ceo
Author: wanikua

7 AI specialists on Discord. You give the orders, they do the work.

Quick Start

Install Clawdbot: npm install -g clawdbot
Install this skill: clawdhub install become-ceo
Copy references/clawdbot-template.json to ~/.clawdbot/clawdbot.json
Fill in your LLM API key, model IDs, and Discord bot tokens
Start: systemctl --user start clawdbot-gateway

For full server setup, see the setup guide on GitHub.

Your Team

Chief of Staff (main) — routes your orders (fast model)
Engineering — code, architecture, system design (strong model)
Finance — budgets, cost control (strong model)
Marketing — content, branding, social (fast model)
DevOps — servers, CI/CD, infrastructure (fast model)
Management — projects, coordination (fast model)
Legal — compliance, contracts (fast model)

Config

See references/clawdbot-template.json for the full config template.

Each Discord account MUST have "groupPolicy": "open" — does NOT inherit from global
identity.theme sets each team member's personality
bindings maps each agent to its Discord bot
Replace $LLM_PROVIDER, $MODEL_FAST, $MODEL_STRONG with your chosen provider and models

Workspace Files

File	What it does
`SOUL.md`	How your team behaves
`IDENTITY.md`	Org chart and model tiers
`USER.md`	About you, the CEO
`AGENTS.md`	Group chat rules, memory protocol

Sandbox

Off by default. To enable read-only sandboxed execution:

"sandbox": {
  "mode": "all",
  "workspaceAccess": "ro",
  "docker": { "network": "none" }
}

Agents run in isolated containers with read-only workspace access and no network. The gateway handles all API authentication externally. See Clawdbot docs for advanced sandbox options.

Troubleshooting

@everyone doesn't work — enable Message Content Intent + Server Members Intent in Discord Developer Portal
Messages silently dropped — set "groupPolicy": "open" on each Discord account entry

Growing Your Team

Add to agents.list with unique id and identity.theme
Create Discord bot, enable intents
Add to channels.discord.accounts with "groupPolicy": "open"
Add binding, invite bot, restart gateway

安全使用建议

This skill is coherent with its goal (running multiple AI-powered Discord bots) but there are important warnings you should heed before installing: - Metadata mismatch: The package registry entry claims no required env vars or config paths, but SKILL.md and the config template clearly require LLM API credentials and many Discord bot tokens and reference ~/.clawdbot/clawdbot.json. Do not rely solely on the registry metadata — assume you will need to provide sensitive keys. - Inspect the npm package: 'npm install -g clawdbot' will install code that will run with your user privileges and hold your tokens. Review the package source on the linked GitHub, and preferably inspect the installed code before running it as a service. - Protect credentials: The template stores multiple tokens in ~/.clawdbot/clawdbot.json. Use strict file permissions, consider using a secrets manager or letting the gateway handle auth in memory rather than writing tokens to disk. - Run in a sandbox/least privilege: The skill mentions a sandbox but it is off by default. If possible, enable the containerized, network-isolated sandbox to reduce risk of data exfiltration by agents. If you must run without sandboxing, isolate the server and use dedicated bot accounts with minimal privileges. - Verify Discord settings: The config requires 'groupPolicy': 'open' and enabling privileged intents — that grants bots broader access to messages and members. Use dedicated bot accounts and only enable intents required for functionality. - Service review: Before starting 'systemctl --user start clawdbot-gateway', inspect the service unit (what user, what environment it will load) to ensure it won't inadvertently expose secrets. If you want, I can: (1) list the exact placeholders and sensitive fields from the template for you to audit, (2) suggest a safer workflow for keeping tokens out of disk (e.g., environment injection, secrets manager), or (3) help review the GitHub repo source if you provide its package contents or a link to the npm package contents.

功能分析

Type: OpenClaw Skill Name: become-ceo Version: 1.5.0 The skill bundle is classified as suspicious due to its reliance on high-privilege system operations and handling of sensitive credentials, which, while plausibly needed for its stated purpose, introduce significant security risks. Specifically, the `SKILL.md` instructs the OpenClaw agent to execute `npm install -g clawdbot` and `systemctl --user start clawdbot-gateway`. These commands involve installing global packages and managing system services, which could lead to Remote Code Execution (RCE) or persistence vulnerabilities if the `clawdbot` package itself were compromised or if the agent were manipulated to install a malicious version. The skill also requires handling sensitive `LLM_API_KEY` and `DISCORD_BOT_TOKEN` credentials, increasing the potential impact of a compromise, despite instructions in `references/AGENTS.md` to 'Never leak private data'.

能力评估

ℹ Purpose & Capability

The skill claims to create a multi-bot AI 'executive team' on Discord and the SKILL.md plus the provided config template consistently require a clawdbot binary, LLM API key(s), and multiple Discord bot tokens — these requirements align with the stated purpose. However, the registry metadata lists no required environment variables or config paths while SKILL.md metadata declares credentials (LLM_API_KEY, DISCORD_BOT_TOKEN) and config path (~/.clawdbot/clawdbot.json). This metadata mismatch is an inconsistency that should be clarified.

⚠ Instruction Scope

Instructions tell the operator to install an npm package globally, copy the template to ~/.clawdbot/clawdbot.json, fill in LLM and Discord tokens (multiple token placeholders exist), and start a user systemd service. Agents are expected to read workspace memory files and persistent config. There is explicit guidance to set Discord bots' groupPolicy to 'open' (which broadens what bots will see/say). These steps are coherent for deploying bots but instruct storing many sensitive tokens in a file under the home directory and running a persistent gateway service — both increase blast radius if the installed code or system is compromised. The SKILL.md also mentions a sandbox but notes it is off by default; if you do not enable sandboxing, agents will have normal network access and could exfiltrate data.

ℹ Install Mechanism

The install spec uses an npm package (clawdbot) that creates the 'clawdbot' binary. Installing an npm package globally is expected for this type of skill but is a moderate-risk install source compared to a vetted system package; you should inspect the npm package and its source repository (GitHub link provided) before running 'npm install -g'. No opaque download URLs or archive extraction are present in the manifest.

⚠ Credentials

The service legitimately needs an LLM API key and multiple Discord bot tokens to operate, which the templates show (LLM API, $DISCORD_BOT_TOKEN_MAIN, _ENGINEERING, _FINANCE, etc.). That many tokens and LLM credentials are sensitive but proportionate to a multi-bot Discord deployment. The concern is the manifest/registry metadata omission: required env vars and config paths are not declared there, so automated checks or permission prompts might not surface the true credential needs. Also the suggested placement of tokens inside ~/.clawdbot/clawdbot.json is persistent and should be protected (file permissions, secret manager, or gateway-handled auth).

ℹ Persistence & Privilege

The skill instructs starting a user-level systemd service (clawdbot-gateway), which creates a long-running process on the host that will hold credentials and handle bot traffic — this is expected for a bot gateway but increases persistence and blast radius. The skill is not marked always:true and does not request modifying other skills. Review the service unit and runtime privileges before enabling it.

版本历史

v1.5.0

Provider-agnostic: remove all vendor-specific model names, API URLs, and recommendations. Users choose their own LLM provider and models.

v1.4.1

Declare ANTHROPIC_API_KEY, DISCORD_BOT_TOKEN and config path in metadata to match runtime requirements

v1.4.0

Security hardening: minimal docs, env var placeholders, no rw/bridge/docker.env mentions

v1.3.1

Security fix: harden sandbox defaults (ro workspace, no network), remove credentials declaration, add adjustable permissions table

v1.3.0

Credentials declared via metadata.credentials instead of requires.env — skill now shows ready in Clawdbot.

v1.2.0

Fix security scan: declare ANTHROPIC_API_KEY in metadata requires.env, remove curl|bash from skill text.

v1.1.0

Move setup.sh out of skill package to fix security flag. No sudo/curl patterns in skill bundle.

v1.0.0

Initial release: 7 AI specialists on Discord, one-click setup

元数据

Slug become-ceo

版本 1.5.0

许可证 —

累计安装 0

当前安装数 0

历史版本数 8

常见问题

Become Ceo 是什么？

Your AI executive team on Discord. 7 specialists (engineering, finance, marketing, devops, legal, management, chief of staff) each with its own model and per... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 562 次。

如何安装 Become Ceo？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install become-ceo」即可一键安装，无需额外配置。

Become Ceo 是免费的吗？

是的，Become Ceo 完全免费（开源免费），可自由下载、安装和使用。

Become Ceo 支持哪些平台？

Become Ceo 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Become Ceo？

由 boluobobo（@wanikua）开发并维护，当前版本 v1.5.0。

Become Ceo