v1.0.0

teambitionweng

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 8:30 AM.

Analysis

This skill appears to do what it claims—create and query TeamBition tasks—but users should understand it needs TeamBition app credentials and can write tasks.

GuidanceThis looks like a straightforward TeamBition integration. Before installing, make sure you are comfortable giving it TeamBition app credentials with task read/write permissions, use the narrowest permissions available, set the default project carefully, and require confirmation for task creation if accidental writes would be disruptive.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation

SeverityLowConfidenceHighStatusNote

main.py

action = params.get("action", "create_task") ... if action == "create_task": return skill.create_task(params)

The skill defaults to the mutating create_task action when action is omitted. This matches the skill purpose and still requires task parameters, but users should be aware that task creation is the default path.

User impactIf an agent invokes the skill with enough task information but without an explicit action, it may create a TeamBition task.

RecommendationAsk the agent to confirm before creating tasks, and provide an explicit action value when using the skill.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse

SeverityMediumConfidenceHighStatusNote

SKILL.md

TEAMBITION_APP_ID ... 是 ... TeamBition 开放平台应用 ID | TEAMBITION_APP_SECRET ... 是 ... TeamBition 开放平台应用秘钥 | TEAMBITION_ACCESS_TOKEN ... 否 ... 预配置的访问令牌

The skill requires a TeamBition app ID and app secret, with an optional access token. These credentials are expected for the stated integration, but they provide delegated access and should be protected.

User impactAnyone installing this skill must provide credentials that can allow the agent to access TeamBition task data and create tasks.

RecommendationUse a least-privilege TeamBition application or token limited to the needed workspace/projects, and rotate the secret if it may have been exposed.