Build Teams.ai Apps with Anthropic Claude
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: teams-anthropic-integration Version: 1.1.0 The skill bundle provides instructions and code for integrating Anthropic Claude models and You.com's MCP service into Microsoft Teams.ai applications. All package installations, API key handling (from environment variables), and network calls (to Anthropic and You.com APIs) are standard practices for the stated purpose. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, or harmful prompt injection attempts against the agent. The instructions for the AI model itself are benign and define its role as a helpful assistant.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing unpinned packages can pull in newer package or dependency versions later, which may change behavior in a Teams app.
The skill asks the user to install external npm packages as the core setup mechanism. This is purpose-aligned, but the versions are not pinned in the shown instructions.
npm install @youdotcom-oss/teams-anthropic @anthropic-ai/sdk @microsoft/teams.ai
Verify the npm package source, pin dependency versions, commit a lockfile, and review package updates before deploying.
If these keys are exposed, someone else could use the user’s Anthropic or You.com account quota or access.
The skill instructs users to configure Anthropic and You.com API keys. These credentials are expected for the stated services, but they grant access to paid/provider accounts.
ANTHROPIC_API_KEY=your-anthropic-api-key YDC_API_KEY=your-you-com-api-key
Store keys securely, avoid committing .env files, rotate keys if exposed, and use the least-privileged keys available.
Teams messages or search queries may be sent to external AI/search services when the app uses Claude and You.com MCP.
The optional path connects the Teams.ai app to an MCP-based external search/content extraction service. This is disclosed and purpose-aligned, but it creates an external tool/data boundary.
Optionally integrate You.com MCP server for web search and content extraction.
Review provider data policies, avoid sending sensitive Teams content unless appropriate, and document when external tools are used.