Openclaw Team Builder
Pass
Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: openclaw-team-builder
Version: 3.6.1

The OpenClaw Team Builder skill is a legitimate administrative tool designed to manage AI agent hierarchies and configurations. It provides functionality for adding agents, visualizing team structures, performing health checks, and configuring communication channels (Telegram, Discord, Feishu) using the official OpenClaw CLI. The core logic in scripts/team-builder.sh includes robust backup and rollback mechanisms, ensuring configuration safety. While the skill handles sensitive bot tokens and modifies the openclaw.json config, its behavior is transparently aligned with its stated purpose, and the SKILL.md instructions provide a structured, user-confirmed workflow without any indicators of data exfiltration or unauthorized remote execution.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user could get a new persistent agent and gateway restart based on inferred defaults or a short request, without seeing a final change plan first.
The skill instructs the agent to execute a persistent OpenClaw team mutation with confirmation prompts skipped, then restart the gateway. This is purpose-related, but it is high-impact automation without a separate review step.
**Step 2: Immediately construct and execute** ... `$TB --add ... --yes` ... Then restart gateway: `openclaw gateway restart`
Before running mutation commands, show the exact agent ID, role, parent, model, channels, and gateway restart impact, then require explicit user approval instead of defaulting to --yes.

A newly created agent may become reachable through multiple existing external channels and inherit access to channel identities the user did not specifically choose for that agent.
Binding a new agent to all enabled messaging channels grants it delegated access across existing channel integrations, but the workflow does not show per-channel consent before the binding happens.
The script automatically: creates agent, generates SOUL.md, configures agentToAgent, and **binds to ALL enabled channels** (Telegram, Discord, Feishu, WeChat, iMessage).
Make channel binding opt-in per channel, display the channels that will be bound, and require explicit approval before using existing channel integrations.

Channel bot tokens and app secrets may be exposed in chat, shell arguments, or command history if handled casually.
The skill accepts Telegram/Discord tokens and Feishu App secrets for channel setup. That is expected for channel management, but it is sensitive credential handling and is not declared in the registry metadata as a credential requirement.
`--feishu-app-id` ... `--feishu-secret` ... `$TB --channels --agent <id> --channel telegram --token <token> --yes`
Tell users to provide bot credentials only when necessary, prefer secure secret storage where OpenClaw supports it, and avoid echoing secrets back in responses or logs.

Information or actions may flow between agents more broadly than the user intended, increasing the blast radius of a bad instruction or compromised agent.
The changelog describes automatic full allow-list management for agent-to-agent communication. Full inter-agent access can be useful for team management, but it is broad and not shown as scoped to specific agents or tasks.
Automatic management of the full agentToAgent allow list
Use least-privilege agent-to-agent allow lists, show the exact communication permissions that will change, and require approval before broadening inter-agent access.

Users have fewer ways to verify the maintainer, source repository, or update history outside the registry artifact.
The package provenance is limited even though the skill includes a large executable shell script that can modify the local OpenClaw environment. This is not malicious by itself, but users have less external context for trust.
Source: unknown; Homepage: none
Install only if you trust the registry publisher, and review the script before allowing it to mutate your OpenClaw team configuration.
