← Back to Skills Marketplace
101
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install teammate-skill
Description
Distill a teammate into an AI Skill. Auto-collect Slack/Teams/GitHub data, generate Work Skill + 5-layer Persona, with continuous evolution. Use when: user w...
Usage Guidance
What to consider before installing or running this skill:
- Metadata mismatch: the registry lists no required credentials but the docs and SKILL.md explicitly require a Slack Bot token and a GitHub token. Ask the author to update the registry or explain why credentials aren't declared.
- Audit the code first: the package includes multiple collector scripts that will read chats, emails, PRs and save config/tokens locally. Inspect slack_collector.py, github_collector.py and privacy_guard.py to confirm where data is sent, how tokens are stored, and that no unexpected remote endpoints are contacted.
- Use least privilege: if you proceed, create dedicated, minimal-scope credentials (a Slack app with only the channels the bot actually needs and a GitHub token with minimal scopes) and rotate/delete them after use. Avoid using org-wide admin tokens.
- Avoid running autonomously until audited: because the skill can be invoked by agents, restrict autonomous runs or require manual approval for collectors so it cannot silently harvest data.
- Secure storage: do not paste long-lived tokens into insecure prompts; prefer ephemeral tokens or a secrets manager. If the tool writes tokens to ~/.teammate-skill/slack_config.json, ensure that file is protected (file permissions) and consider deleting it after use.
- Test in isolation: run collectors against non-production or sample exports first to verify behavior and privacy_guard redaction works as expected.
If you cannot review the code or follow the above mitigations, treat the skill as high-risk for sensitive data exposure and do not install it in production environments.
Capability Analysis
Type: OpenClaw Skill
Name: teammate-skill
Version: 2.0.0
The teammate-skill bundle is a legitimate tool designed to create AI personas by analyzing professional artifacts such as Slack messages, GitHub PRs, and Notion documents. It features a suite of Python utilities (e.g., slack_collector.py, github_collector.py, and various parsers) that fetch and process data locally within the agent's workspace. Notably, it includes a privacy_guard.py tool specifically designed to scan for and redact PII (emails, API tokens, etc.) before skills are finalized. While the skill includes an 'auto-install' feature that copies generated files into the agent's configuration directory, this behavior is transparently documented and essential to its core functionality of skill generation. No evidence of malicious exfiltration, unauthorized remote control, or obfuscation was found.
Capability Assessment
Purpose & Capability
The skill claims to 'auto-collect Slack/Teams/GitHub' and the repository includes multiple collector/parser tools (slack_collector.py, github_collector.py, teams_parser.py, email_parser.py, etc.), which is coherent with its stated purpose. However the registry metadata declares no required environment variables or credentials while the SKILL.md and INSTALL.md explicitly instruct users to provide a Slack Bot token (xoxb-...), a GITHUB_TOKEN, and to run setup that persists a config in ~/.teammate-skill. That mismatch (declared none vs. actual need for tokens and saved config) is an incoherence and should be explained by the author.
Instruction Scope
SKILL.md instructs the agent/operator to auto-collect messages, threads, PRs, reviews, emails, Teams exports, Notion/Confluence exports and to run local scripts that will read and parse those artifacts. It also directs saving Slack config and tokens to ~/.teammate-skill/slack_config.json and using environment GITHUB_TOKEN. The instructions permit collecting private channel history (optional scopes) and using admin/export files. These are within the skill's purpose but they expand scope to highly sensitive personal and corporate data; the SKILL.md lacks an explicit, enforced least-privilege guidance and leaves potentially ambiguous decisions (which channels/repos to scan) to the operator/agent.
Install Mechanism
There is no formal install spec in registry metadata (instruction-only), but the package includes 12 Python tools and an INSTALL.md that recommends cloning from a GitHub repo and optionally running pip install -r requirements.txt (slack_sdk). The install flow is typical but means arbitrary Python code will be present and executed locally if the user follows the guide; no remote, obfuscated download URLs are used in the docs (github clone recommended), which lowers some risk but still requires code review before execution.
Credentials
Although the registry declares no required env vars, the docs explicitly require/encourage: a Slack Bot OAuth token with channel history scopes and a GitHub personal access token (repo or public_repo). Those credentials grant broad read access to potentially private communications and repositories. The skill also persists tokens/config to the home directory. Requesting such high-scope credentials is proportionate to 'auto-collect' functionality only if the user intends full workspace harvesting — but the metadata omission and lack of concrete guidance on minimal scopes, token rotation, or secure storage make this a clear red flag.
Persistence & Privilege
always:false (no forced inclusion) and there is no indication the skill modifies other skills or system-wide agent settings. The tool writes its own config under ~/.teammate-skill and manages teammate artifacts in ./teammates/{slug}/ which is expected for this function. However, because the skill can be invoked autonomously (platform default) and requests sensitive tokens, autonomous operation would increase blast radius — reviewers should consider running collectors manually or restricting autonomous runs until the code is audited.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install teammate-skill - After installation, invoke the skill by name or use
/teammate-skill - Provide required inputs per the skill's parameter spec and get structured output
Version History
v2.0.0
v2.0.0: Quality Pipeline (Smoke Test + Quality Gate + Privacy Guard), /compare side-by-side teammate comparison, /export-teammate portable packages, Size Guard, 3-tier data volume strategy, non-tech role support, 8-language READMEs, 12 Python tools, 9 prompt templates
Metadata
Frequently Asked Questions
What is teammate.skill?
Distill a teammate into an AI Skill. Auto-collect Slack/Teams/GitHub data, generate Work Skill + 5-layer Persona, with continuous evolution. Use when: user w... It is an AI Agent Skill for Claude Code / OpenClaw, with 101 downloads so far.
How do I install teammate.skill?
Run "/install teammate-skill" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is teammate.skill free?
Yes, teammate.skill is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does teammate.skill support?
teammate.skill is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created teammate.skill?
It is built and maintained by MyClaw.ai (@myclaw-ai); the current version is v2.0.0.
More Skills