← Back to Skills Marketplace

Team Builder

Name: Team Builder
Author: beyound87

by beyound87 · GitHub ↗ · v3.0.0 · MIT-0

cross-platform ⚠ suspicious

900

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install team-builder

Description

在 OpenClaw 上一键部署多 Agent SaaS 团队工作区。内置双开发轨（devops 交付 + fullstack-dev 实现）、实时 spawn 调度、cron 巡检、Deep Dive 产品知识目录、onboarding 引导。支持自定义角色、模型、时区，可选 Telegram 接入。

Usage Guidance

Before installing or running this skill: - Review scripts/deploy.js and the generated apply-config.js and create-crons.* files (the README & SKILL.md tell you where they will be written). Do not run apply-config.js or create-crons scripts until you have inspected them. - Back up your existing ~/.openclaw/openclaw.json before using this skill; the generator reads that file and the generated apply-config.js will write to it. - If you plan to provide Telegram bot tokens, understand they will be stored in openclaw.json (a global config file). Consider whether you want those tokens in that file and who can read it. - The skill may read project directories for Deep Dive scans (git, grep, file reads). Limit where you run these scans and avoid running them on sensitive repos without inspection. - Use the --verify mode and test in a throwaway workspace (small team, separate workspaceDir) first to observe what files are created. - If you need more assurance, request the author/source or a signed release; the package has no homepage/source provenance listed, which lowers supply-chain confidence.

Capability Analysis

Type: OpenClaw Skill Name: team-builder Version: 3.0.0 The 'team-builder' skill is a deployment framework that automates the setup of a multi-agent workspace, but it employs several high-risk behaviors. The core script `scripts/deploy.js` generates an `apply-config.js` file designed to modify the global `openclaw.json` configuration, adding eight new agents and enabling broad `agentToAgent` communication permissions. It also creates ten persistent cron jobs via `create-crons.sh/ps1` for automated agent execution. Furthermore, the 'Deep Dive' protocol (found in `references/agent-refs/fullstack-dev/deep-dive-protocol.md`) instructs agents to perform extensive scans of local project directories, utilizing system commands like `tree`, `grep`, and framework-specific CLIs to extract architectural and database metadata. While these capabilities are consistent with the stated goal of building an autonomous development team, the combination of global configuration modification, persistence, and broad filesystem discovery represents a significant security surface.

Capability Assessment

⚠ Purpose & Capability

The name/description (team workspace generator) matches the code and templates: it generates agent SOULs, AGENTS.md, onboarding files, cron scripts and an apply-config.js. However the runtime behavior reads and (when you run apply-config.js) writes the global OpenClaw config (~/.openclaw/openclaw.json) and creates files under a workspace directory. The registry metadata lists no required config paths or credentials, so the skill underdeclares that it accesses/modifies system-level config.

ℹ Instruction Scope

SKILL.md and templates clearly instruct scanning openclaw.json, reading/writing workspace files, and optionally storing Telegram bot tokens into openclaw.json. The deploy script reads ~/.openclaw/openclaw.json to auto-detect model providers and writes many files under the chosen workspace. The instructions also describe deep-dive scans that read project code, run git/grep commands, and produce knowledge files — this is coherent with the feature but broad (it can access arbitrary project files when you run the deep-dive). The docs state that apply-config.js/create-crons are manual steps and recommend review, which mitigates but does not remove the need for user review.

✓ Install Mechanism

No install spec and only one included script (scripts/deploy.js). No network downloads or external installers are present in the provided files. Risk from installation is limited to files the script writes into your chosen workspace and any manual execution of apply-config.js/create-crons. This is the lowest-risk install pattern, but review of the generated files is still required.

⚠ Credentials

The skill declares no required env vars or primary credential, yet the deploy script implicitly depends on the HOME (or USERPROFILE) environment and reads ~/.openclaw/openclaw.json to detect model providers. SKILL.md also documents storing optional Telegram bot tokens into openclaw.json. Because the manifest does not declare access to openclaw.json or to HOME, the declared environment/credential requirements are incomplete. Users should assume the skill will read your OpenClaw config and (if you run generated apply-config.js) update it; optional storage of Telegram tokens into a global config is another sensitive write operation.

ℹ Persistence & Privilege

The skill is not always-enabled and does not request autonomous special privileges. However it generates scripts that, when executed, will modify openclaw.json and create cron jobs in the target workspace. SKILL.md explicitly warns these write actions are manual and recommends reviewing apply-config.js. That reduces the danger but you must not run generated apply-config.js/create-crons blindly because they change persistent configuration.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install team-builder
After installation, invoke the skill by name or use /team-builder
Provide required inputs per the skill's parameter spec and get structured output

Version History

v3.0.0

不使用acp session模式来模拟claude持久化

v2.0.6

不使用acp session模式来模拟claude持久化

v2.0.4

不使用acp session模式来模拟claude持久化

v2.0.2

不使用acp session模式来模拟claude持久化

v2.0.1

不使用acp session模式来模拟claude持久化

v2.0.0

不使用acp session模式来模拟claude持久化

v1.0.32

Initial release: 8-agent SaaS growth team deployer

v1.0.31

Initial release: 8-agent SaaS growth team deployer

v1.0.30

Initial release: 8-agent SaaS growth team deployer

v1.0.24