Teamgram Client E2E Flow

Review: Audited by ClawScan on May 10, 2026.

Overview

This skill installs no code, but it includes under-disclosed instructions to bypass Teamgram enterprise feature checks.

This skill does not install or run code, but read it carefully before relying on it: it contains instructions for bypassing Teamgram enterprise checks. Only use those instructions in an authorized environment, and verify whether the documented APP_HASH is safe to expose for your deployment.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

An agent using this skill as reference could recommend or make server code changes that bypass licensing or access-control behavior, potentially violating policy or changing production behavior unexpectedly.

Why it was flagged

The skill is described as architecture and data-flow documentation, but this section tells the user or agent how to remove or bypass an enterprise feature gate without authorization caveats or safety limits.

Skill content

Unlock method: modify the enterprise-edition check logic of the corresponding helper in biz_service, removing or bypassing the `checkEnterprise()` call.

Recommendation

Remove the bypass guidance, or clearly restrict it to authorized development/testing contexts and require explicit user approval before any code modification.

What this means

If a deployment treats API hashes as sensitive, copying or reusing these values in production documentation or configuration could expose an application credential.

Why it was flagged

The document includes credential-like application identifiers used in the login API flow. The skill claims they are public and there is no runtime credential handling, so this is a notice rather than a direct misuse concern.

Skill content

`BuildVars.APP_ID = 4`; `BuildVars.APP_HASH = "014b35b6184100b085b0d0572f9b5103"` ... `auth.sendCode(phone_number, api_id, api_hash, settings)`

Recommendation

Confirm whether APP_HASH is intended to be public for the target deployment, and avoid publishing production-specific secrets.