← Back to Skills Marketplace
maverick-software

Team Projects

by maverick-software · GitHub ↗ · v1.3.0 · MIT-0
cross-platform ⚠ suspicious
387
Downloads
0
Stars
0
Active Installs
4
Versions
Install in OpenClaw
/install team-projects
Description
Multi-agent project management with task boards, @-mention routing, WBS, and orchestrated team collaboration. Includes a Control UI plugin tab with project d...
Usage Guidance
This package implements the UI and local scripts needed for multi-agent project management, but several red flags deserve attention before you install it: - Hardcoded local path: the Control view instructs an agent to run a Node command at '/home/charl/.openclaw/.../project-store.js'. That looks like a leftover developer path and would fail or, worse, cause an agent to run unexpected local binaries. Insist that the author make commands relative to the installed plugin path or configurable (TEAM_PROJECTS_DIR), and remove developer-specific absolute paths. - Agents executing local commands: the view uses sessions.send to ask an agent to run a local CLI script. Confirm whether your agents are allowed/able to execute such commands and audit what those scripts do. If you do not want agents to run arbitrary local commands, do not enable the recommended exec/sessions_send permissions. - Broad permissions recommended: the example config and SKILL.md advise allowAgents: ["*"] and tools.allow: ["*"]. These are convenient but grant wide access across agents and tools. Prefer least privilege: only allow the coordinator the specific agent IDs and tools it needs. - Optional HTTP API with CORS '*': gateway-handlers.js can start an HTTP server if TEAM_PROJECTS_PORT > 0. If you enable it, bind to localhost only as shown and protect it with auth or firewall rules; CORS '*' plus no auth could expose project data to local web pages. - Code review & sandboxing: because the skill reads/writes files under ~/.openclaw and runs Node scripts, review project-store.js and orchestrator.js in full (especially writeFileSync/appendFileSync usage) and test in an isolated environment before adding to production. What would increase confidence: an updated SKILL.md removing hardcoded paths, a configuration option to point to the installed plugin directory, concrete minimum permission requirements (exact tools/agent IDs), and confirmation that the HTTP API supports authentication or is disabled by default. If you provide the omitted remaining files, I can re-check for other risky patterns (network calls, credential use, shell exec).
Capability Analysis
Type: OpenClaw Skill Name: team-projects Version: 1.3.0 The skill bundle implements a complex multi-agent project management system but uses high-risk architectural patterns. Most notably, it requires the user to manually patch the OpenClaw source code and build pipeline (SKILL.md, BUILD_REGISTRATION.md), and the UI component (team-projects-view.ts) fetches data by sending 'silent' chat messages that trigger shell execution of local scripts (node project-store.js). While these behaviors appear aligned with the stated goal of providing a project dashboard, the use of the agent as a shell-execution proxy for the frontend and the requirement for core source code modification represent a significant security risk and deviate from standard plugin sandboxing.
Capability Assessment
Purpose & Capability
The name/description match the provided code: UI plugin code, project-store, orchestrator, and gateway handler scripts implement project boards, task routing, and multi-agent orchestration. Requiring edits to the OpenClaw UI and plugin registration is consistent with adding a Control UI plugin. However, some example config and view code recommend broad permissions (allowAgents: ["*"], tools.allow: ["*"]) that are more permissive than strictly necessary and weaken the principle of least privilege. Also the view code asks an agent to run a Node CLI at an absolute developer path (/home/charl/...), which is inconsistent with a normal install flow.
Instruction Scope
SKILL.md instructs modifying OpenClaw internals (expected for a plugin) but also contains instructions and code that direct agents to run local CLI scripts and read/write files under the host user's home (~/.openclaw/workspace/team-projects). The team-projects view explicitly sends a sessions message that tells an agent to 'node /home/charl/.../project-store.js list' — hardcoded absolute path and instructing an agent to execute local commands is unexpected and broad. The gateway handler optionally starts an HTTP API (if TEAM_PROJECTS_PORT set) with CORS '*' and no auth by default, which could expose local project data if enabled. The skill's instructions therefore include file I/O and command execution beyond mere UI rendering.
Install Mechanism
No external install/downloads are used; this is instruction + source files the integrator must copy into the OpenClaw codebase. That reduces supply-chain download risk. The install requires direct edits to the application's source and build registration (patching tsdown.config.ts, loader, package.json exports), which is invasive but coherent for a UI plugin.
Credentials
The skill declares no required env vars, but the code uses optional environment variables (TEAM_PROJECTS_DIR, TEAM_PROJECTS_PORT) and defaults to HOME or /root. Example configs and SKILL.md recommend enabling agentToAgent.allow: ["*"] and coordinator subagents.allowAgents: ["*"], and the example agent 'main' has tools.allow: ["*"]. Granting '*' to agent-to-agent and tool capabilities is broad and disproportionate for many deployments. The hardcoded absolute path in the view code is also environment-specific and unjustified.
Persistence & Privilege
The skill requires persistent changes to OpenClaw configuration and source (plugin SDK entry, build registration, app render/gateway patches), which is expected for a UI plugin. It does not set always: true and does not claim elevated platform privileges. Still, the recommended config changes (allowAgents: ['*'], wide tool allow lists) increase the skill's runtime reach and persistence across agent sessions.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install team-projects
  3. After installation, invoke the skill by name or use /team-projects
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.3.0
v1.3.0: Fix Team Chat drawer CSS (styles were dead code due to no Shadow DOM — converted to inline style tags), add Projects plugin tab client-side registration in app-gateway.ts, fix icon to use available fileText instead of missing clipboard-list, add team-chat-drawer.ts to gateway-plugin references, update SKILL.md with CSS gotcha docs and current architecture
v1.2.0
Added gateway plugin for Control UI tab, build registration docs, view renderer, bug fixes
v1.1.0
v1.1.0: Added gateway plugin for Control UI tab (Projects sidebar), build registration docs, plugin SDK entry, view renderer, app-render/app-gateway patches, BUILD_REGISTRATION.md. Fixed dependsOn array normalization bug. Documented allowAgents per-agent gotcha and all 4 plugin registration points.
v1.0.0
Initial release — multi-agent project management with task boards, @-mention routing, WBS, orchestrator, sidebar UI, team chat, coordinator/worker prompt templates
Metadata
Slug team-projects
Version 1.3.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 4
Frequently Asked Questions

What is Team Projects?

Multi-agent project management with task boards, @-mention routing, WBS, and orchestrated team collaboration. Includes a Control UI plugin tab with project d... It is an AI Agent Skill for Claude Code / OpenClaw, with 387 downloads so far.

How do I install Team Projects?

Run "/install team-projects" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Team Projects free?

Yes, Team Projects is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Team Projects support?

Team Projects is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Team Projects?

It is built and maintained by maverick-software (@maverick-software); the current version is v1.3.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments