Openclaw Team Builder

Review

Audited by ClawScan on May 10, 2026.

Overview

This skill is a real OpenClaw team-management tool, but its instructions encourage automatic agent creation, broad channel binding, and inter-agent access changes with limited user confirmation.

Use this only if you are comfortable with it changing your OpenClaw team configuration. Before approving any action, ask the agent to list the exact agent changes, channel bindings, agent-to-agent permissions, and gateway restart it will perform. Avoid sending bot tokens unless you intend to configure that channel, and prefer per-channel opt-in rather than binding every enabled channel automatically.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A user could get a new persistent agent and gateway restart based on inferred defaults or a short request, without seeing a final change plan first.

Why it was flagged

The skill instructs the agent to execute a persistent OpenClaw team mutation with confirmation prompts skipped, then restart the gateway. This is purpose-related, but it is high-impact automation without a separate review step.

Skill content

**Step 2: Immediately construct and execute** ... `$TB --add ... --yes` ... Then restart gateway: `openclaw gateway restart`

Recommendation

Before running mutation commands, show the exact agent ID, role, parent, model, channels, and gateway restart impact, then require explicit user approval instead of defaulting to --yes.

What this means

A newly created agent may become reachable through multiple existing external channels and inherit access to channel identities the user did not specifically choose for that agent.

Why it was flagged

Binding a new agent to all enabled messaging channels grants it delegated access across existing channel integrations, but the workflow does not show per-channel consent before the binding happens.

Skill content

The script automatically: creates agent, generates SOUL.md, configures agentToAgent, and **binds to ALL enabled channels** (Telegram, Discord, Feishu, WeChat, iMessage).

Recommendation

Make channel binding opt-in per channel, display the channels that will be bound, and require explicit approval before using existing channel integrations.

What this means

Channel bot tokens and app secrets may be exposed in chat, shell arguments, or command history if handled casually.

Why it was flagged

The skill accepts Telegram/Discord tokens and Feishu App secrets for channel setup. That is expected for channel management, but it is sensitive credential handling and is not declared in the registry metadata as a credential requirement.

Skill content

`--feishu-app-id` ... `--feishu-secret` ... `$TB --channels --agent <id> --channel telegram --token <token> --yes`

Recommendation

Tell users to provide bot credentials only when necessary, prefer secure secret storage where OpenClaw supports it, and avoid echoing secrets back in responses or logs.

What this means

Information or actions may flow between agents more broadly than the user intended, increasing the blast radius of a bad instruction or compromised agent.

Why it was flagged

The changelog describes automatic full allow-list management for agent-to-agent communication. Full inter-agent access can be useful for team management, but it is broad and not shown as scoped to specific agents or tasks.

Skill content

Automatic management of the full agentToAgent allow list

Recommendation

Use least-privilege agent-to-agent allow lists, show the exact communication permissions that will change, and require approval before broadening inter-agent access.

What this means

Users have fewer ways to verify the maintainer, source repository, or update history outside the registry artifact.

Why it was flagged

The package provenance is limited even though the skill includes a large executable shell script that can modify the local OpenClaw environment. This is not malicious by itself, but users have less external context for trust.

Skill content

Source: unknown; Homepage: none

Recommendation

Install only if you trust the registry publisher, and review the script before allowing it to mutate your OpenClaw team configuration.