msteams china adapter
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: msteamschinaadapter Version: 10.0.2 The skill bundle performs high-risk 'hotpatching' by directly modifying JavaScript files within the OpenClaw core and MSTeams plugin directories (e.g., in patch_all_v10.cjs and apply_patch.cjs). It also modifies system-level environment variables via the Windows Registry and appends to .bashrc on Linux to force the use of Microsoft Teams China (21Vianet) endpoints such as login.chinacloudapi.cn and microsoftgraph.chinacloudapi.cn. While these actions are consistent with the stated purpose of enabling regional support, the practice of modifying installed application code and system configuration files is inherently risky and bypasses standard security boundaries.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken or incompatible patch could break OpenClaw, affect Teams messaging, alter future runtime behavior, or change system-wide settings.
The skill instructs the agent/user to perform broad local mutations of installed OpenClaw code, plugin code, environment variables, and Gateway state. These are high-impact actions and the artifacts do not clearly require manual confirmation, backup, or rollback before applying them.
应用端点补丁到 OpenClaw dist + MSTeams 插件 dist 文件 ... 设置 `CLOUD=china` 和 `SERVICE_URL=...` 系统级环境变量 ... 自动重启 Gateway
Run only after reviewing the scripts, backing up OpenClaw/@openclaw/msteams files and environment settings, and confirming the exact version compatibility. Prefer a dry-run and explicit approval before any patch or restart.
If configured for heartbeat, cron, or session startup, the skill may automatically rewrite files and restart the gateway after upgrades without the user reviewing each change.
The skill explicitly supports autonomous remediation and service restart after detecting a version change, which can keep changing the local installation outside a single user-directed repair step.
自动触发修复: 检测到 OpenClaw 版本升级 + @openclaw/msteams 已安装时,自动执行 6 阶段修复 ... 自动重启 Gateway
Do not enable scheduled/heartbeat/session-start auto-fix unless this is intentionally desired. Require an interactive confirmation before repair and restart, and document how to disable the auto-detect state.
A bad patch can propagate into every Teams interaction handled by the local OpenClaw gateway and may persist across restarts.
The patch targets shared runtime components and environment settings, so one failed or stale string replacement can affect all OpenClaw gateway and Teams provider operation, not just one conversation.
OpenClaw 核心 dist 补丁 ... MSTeams 插件 dist 补丁 ... 环境变量设置: `CLOUD=china` + `SERVICE_URL=...`
Apply in a controlled maintenance window, keep file backups, verify checksums or diffs, and have a clear rollback path before restarting the gateway.
Running the script executes local commands and can be affected by the local environment.
The script executes local shell commands. This is expected for version detection and patching, but users should know the scripts depend on local PATH and command behavior.
const out = execSync('openclaw --version', { encoding: 'utf8', timeout: 10000 }).trim();Run from a trusted shell with a known PATH, and inspect the script before execution.
It may be harder to confirm exactly which release and scripts are being installed or reviewed.
The supplied registry metadata lists version 10.0.2 and .clawhub/origin.json lists installedVersion 1.0.1, while _meta.json lists 10.1.0. This version drift is a provenance/review note for a skill that includes runnable patch scripts.
"version": "10.1.0"
Verify the package source, version, and script contents before running the patch, especially because the skill modifies installed application files.