ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

TeamApp Admin

v1.0.0

Use when interacting with TeamApp club admin JSON endpoints on teamapp.com to create/read/update News articles and Schedule events, and to resolve Team and A...

0· 90·0 current·0 all-time
bySteve G@thed000d

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for thed000d/teamapp-admin.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "TeamApp Admin" (thed000d/teamapp-admin) from ClawHub.
Skill page: https://clawhub.ai/thed000d/teamapp-admin
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install teamapp-admin

ClawHub CLI

Package manager switcher

npx clawhub@latest install teamapp-admin
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name, SKILL.md, and the included api-map and wrapper script all align with managing TeamApp club admin JSON endpoints (news, events, teams, access groups). However the registry metadata claims no required env vars while the wrapper script and SKILL.md require a sensitive TA_AUTH_TOKEN cookie; examples also reference TA_CLUB_ID which is not declared. The lack of a homepage or known source reduces provenance.
Instruction Scope
Runtime instructions are focused on reading JSON schemas and using the provided wrapper to call TeamApp endpoints; they do not instruct the agent to read arbitrary system files. The wrapper enforces session bootstrapping, CSRF extraction, and cookie management which are reasonable for the stated purpose. However examples reference an undeclared TA_CLUB_ID env var and the instructions insist on injecting a browser cookie value (TA_AUTH_TOKEN), a sensitive credential.
Install Mechanism
There is no install spec (instruction-only with one shell wrapper file). Nothing is downloaded or installed by the skill, which keeps install risk low.
!
Credentials
The script requires TA_AUTH_TOKEN (the ta_auth_token cookie) — a sensitive credential appropriate for web session actions, but the registry metadata falsely lists no required env vars. Examples also use TA_CLUB_ID but it is not declared. Requesting a live session cookie is proportionate to the capability but the metadata/instructions mismatch and lack of provenance are concerning.
Persistence & Privilege
The skill does not request always:true, does not modify other skills or system-wide configs, and only writes temporary files under /tmp for cookies/CSRF. Autonomy is allowed (default) but that is normal for skills.
What to consider before installing
This skill appears to implement TeamApp admin operations and includes a shell wrapper that requires your browser's ta_auth_token cookie (TA_AUTH_TOKEN) and likely a TA_CLUB_ID environment variable. Before installing or using it: 1) Verify the publisher/source (there is no homepage listed). 2) Understand that you must supply a live session cookie — treat it like a password: do not share it with untrusted code. 3) Prefer using an account with limited privileges and rotate the cookie after use. 4) Confirm the registry metadata is corrected to list TA_AUTH_TOKEN (and TA_CLUB_ID if required). 5) Optionally review/scan the wrapper script yourself (it is short and only talks to teamapp.com and the user-provided URLs). If you cannot verify the author or are unwilling to provide a session cookie, do not install or use this skill.

Like a lobster shell, security has layers — review code before you run it.

latestvk973218wvswzfxpdcxeq94h34183fqtx
90downloads
0stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
Steve G@thed000d
latest
Download

TeamApp Admin API

Use this skill for TeamApp admin operations against JSON endpoints discovered from the web app.

Quick Workflow

  1. Resolve IDs first.
  1. Read form schemas before writing.
  • Open new.json or edit.json endpoint for the target resource.
  • Use the embedded onSubmit controller and URL as source of truth for method and endpoint.
  1. Create or update content.
  • Submit payload fields exactly as named in the schema.
  • For visibility-scoped content, set ...access_level_ids_csv only when visibility is access_groups.
  1. Verify by reloading list endpoints.
  • Re-read list JSON and confirm returned object IDs, titles, and action URLs.

Auth and Session Requirements

MANDATORY: All interactions with the TeamApp API via this skill must use the provided wrapper script bin/api-wrapper.sh.

This wrapper automatically handles:

  • Session bootstrapping (fetching the dashboard to establish a session).
  • CSRF token extraction and caching.
  • Cookie management (ta_auth_token and _teamapp_session).
  • Session refreshing on expiration (401/422 errors).

Required Environment Variables

The wrapper requires the following variables to be set in your shell environment:

  • TA_AUTH_TOKEN: The ta_auth_token cookie value (extracted from a browser session).

Usage

Call the wrapper with the HTTP method, the full URL, and any curl options (like data payloads).

# General Syntax
./bin/api-wrapper.sh [METHOD] [URL] [CURL_OPTIONS...]

Example: Read Articles

./bin/api-wrapper.sh GET "https://examplesite.teamapp.com/clubs/$TA_CLUB_ID/articles.json?_detail=v1"

Example: Create Article

./bin/api-wrapper.sh POST "https://examplesite.teamapp.com/clubs/$TA_CLUB_ID/articles.json?_post_response=v1" \
  --data-urlencode "article[subject]=My Title" \
  --data-urlencode "article[body]=My Body" \
  --data-urlencode "article[visibility]=public" \
  --data-urlencode "article[comments_enabled]=1" \
  --data-urlencode "article[feature]=0" \
  --data-urlencode "article[html_body]=0" \
  --data-urlencode "article[release_pending]=0" \
  --data-urlencode "send_notifications=0"

Scheduling and Notifications

All News and Events support scheduling and configurable notification delivery.

Scheduling (Release Control)

  • ...[release_pending]: Set to 0 for immediate release, or 1 to schedule for later.
  • ...[release_at]: When release_pending is 1, provide an ISO 8601 timestamp (e.g., 2026-03-25 10:00).

Notification Delivery

The send_notifications parameter controls how users are alerted:

  • 0: None (Silent release)
  • 1: Push OR Email (Default: sends push if enabled on device, falls back to email if notifications are disabled)
  • 2: Push AND Email (Sends both regardless of app notification status)

Event Reminders

Events include an additional event[reminder] field for automated alerts:

  • -1: None
  • 0: At starting time
  • 1800: 30 minutes before
  • 3600: 1 hour before
  • 86400: 1 day before (and other standard intervals in seconds)
  • -2: Custom (requires event[reminder_datetime])

Operations

News Articles (create/read/update)

Required baseline fields for create:

  • article[subject]
  • article[body]
  • article[visibility] (public|approved_members|access_groups)
  • article[comments_enabled] (0|1)
  • article[feature] (0|1)
  • article[html_body] (0|1)
  • article[release_pending] (0|1)
  • send_notifications (0|1|2)

Schedule Events (create/read/update)

Key fields:

  • event[team_id], event[title]
  • event[datetime], event[datetime_end] or all-day fields
  • event[details] / html variant fields
  • event[visibility], event[access_level_ids_csv]
  • event[release_pending], event[release_at]
  • send_notifications, event[reminder], event[reminder_datetime]

Teams and Access Groups (ID resolution + targeting)

Use list endpoints to resolve IDs before posting news/events:

Use team/access-group IDs in:

  • event[team_id]
  • article[access_level_ids_csv]
  • event[access_level_ids_csv]
  • team[access_level_ids_csv]
  • roster_access_level_id

References

Comments

Loading comments...