Team Collab Repo
v1.0.0多模型团队协作系统 - 像公司一样运作,不同模型扮演不同角色(产品经理、程序员、设计师、测试、审查员、法律顾问、艺术专家、市场分析专家)协作完成项目。支持两种模式:角色扮演模式(快速高效)和模型切换模式(高级,真正调用不同模型)。使用场景:做项目、开发应用、写复杂代码、需要多角色协作的任务。触发词:"团队协作"、...
⭐ 1· 76·0 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description promise (multi-model team orchestration) matches the delivered content: SKILL.md describes role/flow and scripts show how to spawn per-role sessions (sessions_spawn examples) and create local project scaffolding. There are no unrelated environment variables, binaries, or install steps that don't fit the stated purpose.
Instruction Scope
SKILL.md and the scripts focus on role-based workflows and give explicit spawn-call examples. They do not instruct reading unrelated system files or exporting data to third-party endpoints. Note: the skill encourages configuring arbitrary model agentIds (custom models), and the '模型切换' mode instructs the agent to spawn separate sessions/agents — that means user project content will be sent to whichever models/agentIds you enable. This is expected for the feature but grants the skill (when invoked) discretion to call other models and share conversation content with them.
Install Mechanism
No install spec; the package is instruction/code-only. Included Python scripts are simple (create files/print spawn instructions) and do not download or execute remote archives. No high-risk install URLs or extract steps.
Credentials
The skill requests no environment variables or credentials. It references a project config file (project/local team-collab.json and ~/.openclaw/team-collab.json) and writes project files to the current working directory — reasonable and proportional to its purpose. There are no requests for unrelated secrets or system-wide credential paths.
Persistence & Privilege
always:false (good). The skill allows autonomous model invocation (platform default). Combined with the model-switching workflow, an agent invoking this skill could automatically spawn multiple other model sessions and incur API calls or expose project content to those models. This behavior is coherent with the feature but increases blast radius in adversarial scenarios (e.g., if you point roles at untrusted models).
Assessment
This skill appears to do what it claims: orchestrate role-based multi-model workflows and create simple project scaffolding. Before installing: 1) remember that '模型切换' (advanced) mode will send your project text to whatever model agentIds you configure — only use trusted models to avoid leaking sensitive data; 2) scripts create files in the current directory and write a project JSON/README — review them and run locally if you trust that behavior; 3) if you enable autonomous invocation for the agent, the skill can automatically spawn many sub-sessions (and cause extra API requests/charges), so limit autonomous use or restrict which models/agentIds are allowed; 4) verify the skill source if provenance matters (the package references an external GitHub URL and a ClawHub badge, but the registry 'Source' and 'Homepage' fields are unknown). If you need higher assurance, ask the author for a canonical repository or run the scripts in a sandbox first.Like a lobster shell, security has layers — review code before you run it.
latestvk97ek5vsspyx21h1b8h3nv7gm183c6yt
License
MIT-0
Free to use, modify, and redistribute. No attribution required.