SS Requirements to Teambition
PassAudited by ClawScan on May 12, 2026.
Overview
This skill is coherent for its stated automation purpose, but it handles customer chat data, API tokens, Teambition task creation, and optional scheduled runs, so users should review configuration carefully.
Before installing, confirm you are comfortable giving the workflow access to SaleSmartly chats and a Teambition User Token. Start with manual runs, verify the configured tags and Teambition project/stage, review created tasks, and only then enable the optional cron automation.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill can access SaleSmartly conversation data and act in Teambition as the configured user.
The workflow requires credentials for SaleSmartly and delegated Teambition access. This is expected for collecting conversations and creating tasks, but those credentials should be protected and scoped where possible.
1. **SaleSmartly API Key** — SS 后台 → 设置 → API 管理 2. **Teambition MCP** — 见 [tb_mcp_setup.md]
Use a dedicated or least-privilege account/token if available, protect config files, and revoke or rotate tokens when no longer needed.
Incorrect configuration or analysis could create unwanted or inaccurate Teambition tasks.
The agent is instructed to create Teambition tasks through MCP. This is the skill's core purpose, but it mutates a business workspace based on AI analysis.
汇总后,用 `teambition-mcp__createTaskV3` 创建任务
Test with a small tag/project first, review generated tasks before enabling automation, and keep the configured project/stage IDs tightly scoped.
A compromised or unexpected package version could affect the Teambition MCP integration.
The setup uses a globally installed npm package without a pinned version. This is normal integration plumbing, but it depends on the external package source.
npm install -g teambition-openapi-mcp
Install from the official source, consider pinning a known-good version, and review the package before granting it a User Token.
Customer chat records can persist locally and be loaded into the agent context for analysis.
The script stores collected customer conversation messages in local JSON files for later AI analysis. This is expected, but the files may contain sensitive customer or business information.
"messages": messages, ... out_path.write_text(json.dumps(output, ensure_ascii=False, indent=2))
Restrict which tags are collected, protect the scripts/data directory, avoid collecting unnecessary sensitive content, and adjust retention if 7 days is too long.
If enabled, the workflow may regularly read new conversations and create Teambition tasks without per-run confirmation.
The documentation provides an optional cron configuration that can run collection, analysis, and task creation on a schedule. It is disclosed and optional, but it performs autonomous recurring actions.
"message": "执行 SS 需求采集:1) cd scripts && python3 collect.py 2) 读取 data/ 下最新 JSON 3) 按 config.json 配置分析并创建 TB 任务"
Enable cron only after manual testing, monitor the first runs, and disable the schedule if automatic task creation is not desired.