Manage Teams

Review

Audited by ClawScan on May 10, 2026.

Overview

The skill is mostly aligned with managing OpenAnt teams, but it gives broad CLI authority over persistent team membership and team deletion, including shared-wallet teams, with incomplete confirmation guidance.

Before installing, confirm you trust the OpenAnt CLI invoked through `npx`, and only use this skill when you are comfortable letting the agent make persistent team changes. Ask for explicit confirmation before adding members, removing members, deleting teams, or making changes involving shared wallets.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Concern (Medium Confidence)
ASI02: Tool Misuse and Exploitation
What this means

An agent using this skill can make persistent changes to OpenAnt teams, potentially affecting membership and team resources.

Why it was flagged

The allowed tool pattern permits any `teams` CLI subcommand, including current or future high-impact team-management operations, rather than a narrower set of documented commands.

Skill content
allowed-tools: ["Bash(npx @openant-ai/cli@latest status*)", "Bash(npx @openant-ai/cli@latest teams *)"]
Recommendation

Narrow the allowed commands where possible and require explicit user confirmation before all membership changes, not only removals and deletions.

Concern (Medium Confidence)
ASI02: Tool Misuse and Exploitation
What this means

A mistaken or premature member addition could grant another user access to team collaboration context or shared-wallet-related team capabilities.

Why it was flagged

The skill says teams can involve shared wallets and documents adding members, but the autonomy section only requires confirmation for deleting teams and removing members, not adding members.

Skill content
Teams enable collaborative task work and shared wallets. ... `npx @openant-ai/cli@latest teams add-member <teamId> --user <userId> --json` ... `Removing members` — **confirm with user first**.
Recommendation

Add clear instructions to confirm the team ID, user ID, and consequences before adding any member.

What this means

Future CLI updates could change behavior without a corresponding skill update.

Why it was flagged

Using `@latest` means the code run by `npx` can change after this skill version is reviewed. This is common for CLI-based integrations but reduces reproducibility.

Skill content
Use the `npx @openant-ai/cli@latest` CLI
Recommendation

Prefer a pinned CLI version for reviewed workflows, or tell users that the latest OpenAnt CLI will be fetched and run.

What this means

Actions taken by the agent may be performed as the authenticated OpenAnt user.

Why it was flagged

The skill depends on the user's authenticated OpenAnt account context. That is expected for managing teams, but it means commands act with the user's OpenAnt permissions.

Skill content
Confirm Authentication ... `npx @openant-ai/cli@latest status --json` ... If not authenticated, refer to the `authenticate-openant` skill.
Recommendation

Use only with the intended OpenAnt account and review team/member IDs before allowing mutations.