Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Team Builder
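v3.0.0 · One-click deployment of a multi-agent SaaS team workspace on OpenClaw. Includes dual development tracks (devops delivery + fullstack-dev implementation), real-time spawn scheduling, cron inspections, a Deep Dive product knowledge directory, and onboarding guidance. Supports custom roles, models, and time zones, with optional Telegram integration.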
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description (team workspace generator) matches the code and templates: it generates agent SOULs, AGENTS.md, onboarding files, cron scripts and an apply-config.js. However the runtime behavior reads and (when you run apply-config.js) writes the global OpenClaw config (~/.openclaw/openclaw.json) and creates files under a workspace directory. The registry metadata lists no required config paths or credentials, so the skill underdeclares that it accesses/modifies system-level config.
Instruction Scope
SKILL.md and templates clearly instruct scanning openclaw.json, reading/writing workspace files, and optionally storing Telegram bot tokens into openclaw.json. The deploy script reads ~/.openclaw/openclaw.json to auto-detect model providers and writes many files under the chosen workspace. The instructions also describe deep-dive scans that read project code, run git/grep commands, and produce knowledge files — this is coherent with the feature but broad (it can access arbitrary project files when you run the deep-dive). The docs state that apply-config.js/create-crons are manual steps and recommend review, which mitigates but does not remove the need for user review.
Install Mechanism
No install spec and only one included script (scripts/deploy.js). No network downloads or external installers are present in the provided files. Risk from installation is limited to files the script writes into your chosen workspace and any manual execution of apply-config.js/create-crons. This is the lowest-risk install pattern, but review of the generated files is still required.
Credentials
The skill declares no required env vars or primary credential, yet the deploy script implicitly depends on the HOME (or USERPROFILE) environment variable and reads ~/.openclaw/openclaw.json to detect model providers. SKILL.md also documents storing optional Telegram bot tokens into openclaw.json. Because the manifest does not declare access to openclaw.json or to HOME, the declared environment/credential requirements are incomplete. Assume the skill will read your OpenClaw config and (if you run the generated apply-config.js) update it; optional storage of Telegram tokens into a global config is another sensitive write operation.
Persistence & Privilege
The skill is not always-enabled and does not request autonomous special privileges. However it generates scripts that, when executed, will modify openclaw.json and create cron jobs in the target workspace. SKILL.md explicitly warns these write actions are manual and recommends reviewing apply-config.js. That reduces the danger but you must not run generated apply-config.js/create-crons blindly because they change persistent configuration.
What to consider before installing
Before installing or running this skill:
- Review scripts/deploy.js and the generated apply-config.js and create-crons.* files (the README & SKILL.md tell you where they will be written). Do not run apply-config.js or create-crons scripts until you have inspected them.
- Back up your existing ~/.openclaw/openclaw.json before using this skill; the generator reads that file and the generated apply-config.js will write to it.
- If you plan to provide Telegram bot tokens, understand they will be stored in openclaw.json (a global config file). Consider whether you want those tokens in that file and who can read it.
- The skill may read project directories for Deep Dive scans (git, grep, file reads). Limit where you run these scans and avoid running them on sensitive repos without inspection.
- Use the --verify mode and test in a throwaway workspace (small team, separate workspaceDir) first to observe what files are created.
- If you need more assurance, request the author/source or a signed release; the package has no homepage/source provenance listed, which lowers supply-chain confidence.

Like a lobster shell, security has layers — review code before you run it.
