RocketChat

Review

Audited by ClawScan on May 1, 2026.

Overview

This is a coherent Rocket.Chat API command reference, but it uses a real chat account token and includes commands that can post, delete, or administer workspace content.

Install only with a Rocket.Chat token you are comfortable delegating to the agent. Prefer a limited bot account, review any requested write or admin action before it runs, and avoid using a broad admin token for routine messaging tasks.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent can act with the permissions of the supplied Rocket.Chat account, including access to rooms or admin actions if the token has those privileges.

Why it was flagged

The skill requires a Rocket.Chat auth token and user ID so it can act through the Rocket.Chat REST API.

Skill content

requires:
  env:
    - RC_URL
    - RC_TOKEN
    - RC_USER_ID
... primaryEnv: RC_TOKEN

Recommendation

Use a least-privileged bot or service account token, avoid admin tokens unless needed, and rotate the token if it may have been exposed.

What this means

If used with sufficient permissions, the skill can change visible team communications and account state in Rocket.Chat.

Why it was flagged

The documented API examples include workspace-mutating operations such as archiving channels, posting or deleting messages, and creating users.

Skill content

# Archive channel ... /api/v1/channels.archive
# Send message ... /api/v1/chat.postMessage
# Delete message ... /api/v1/chat.delete
# Create user (admin) ... /api/v1/users.create

Recommendation

Require clear user confirmation before posting, editing, deleting, archiving, or creating users, and keep the token restricted to the rooms and actions actually needed.