← Back to Skills Marketplace
Teams Delegate
by
Natnael Teshome
· GitHub ↗
· v1.0.4
473
Downloads
0
Stars
0
Active Installs
5
Versions
Install in OpenClaw
/install teams-delegate
Description
Delegate Microsoft Teams inbox management to your AI agent for auto-replies, message summaries, priority filtering, and context-aware responses.
Usage Guidance
This skill appears to do what it says, but review a few items before installing:
- Permissions: The Azure app requires powerful Graph scopes (read/write chat, send channel messages). Granting these lets the app read your Teams messages and send messages as you — only proceed if you trust the code and the maintainer.
- Admin consent: On corporate tenants you may need admin consent. If you are an employee, consult your IT/security team before granting these permissions to avoid policy violations.
- Local tokens: The tool stores auth data under ~/.teams-delegate (token cache and config). Ensure your home directory has appropriate file permissions and remove the token files if you stop using the skill.
- Dependencies: The scripts use the Python 'msal' library but the SKILL.md doesn't list how to install it. Install msal (pip install msal) and verify Python versions before running.
- Documentation mismatch: SKILL.md claims token.json but the code writes token_cache.bin and config.json — expect the code behavior (check ~/.teams-delegate for the actual files).
If you want extra assurance: inspect the scripts locally (they are small and readable) and run them in a controlled account or tenant with limited privileges before pointing them at your primary work account.
Capability Analysis
Type: OpenClaw Skill
Name: teams-delegate
Version: 1.0.4
The skill requests broad Microsoft Graph API permissions (e.g., Chat.ReadWrite, ChannelMessage.Send, User.Read) which, while necessary for its stated purpose of delegating Teams inbox management, grant significant control over the user's Teams account. More critically, the SKILL.md instructs the AI agent to 'use cron or heartbeat' for auto-reply mode. This is a direct prompt injection vulnerability, as an agent capable of executing shell commands could be instructed to create arbitrary cron jobs, potentially leading to persistence or unauthorized execution if the agent's environment is not properly sandboxed. All network communication is directed to the legitimate Microsoft Graph API (graph.microsoft.com), and there is no evidence of intentional data exfiltration or malicious execution within the provided code.
Capability Assessment
Purpose & Capability
Name/description (delegate Teams inbox) aligns with the code and requested Graph scopes. The scripts authenticate via device-code, list/read chats, summarize messages, and post replies using Microsoft Graph — all appropriate for the stated functionality.
Instruction Scope
Runtime instructions are narrowly scoped to Teams/Graph actions. However SKILL.md contains small inaccuracies (says token saved to ~/.teams-delegate/token.json, but the code writes token_cache.bin and config.json), and it asks the user to enable 'Allow public client flows' and grant admin consent when applicable (expected for device flow and certain tenant scenarios). The agent instructions do not attempt to read unrelated system files or exfiltrate data to non-Microsoft endpoints.
Install Mechanism
This is an instruction-only skill with no install spec. The Python code imports msal, which is not declared or described in the SKILL.md; the user must pip-install msal (and have Python available). Not including dependency installation instructions is an operational omission but not a security concern by itself.
Credentials
No environment variables or unrelated credentials are requested. The code stores token/cache and config under ~/.teams-delegate (expected for a CLI credential cache). Requested Graph scopes (Chat.Read, Chat.ReadWrite, ChannelMessage.Send, etc.) are required for reading and sending Teams messages — these are powerful (can post messages as the authenticated user) but proportionate to the skill's purpose and are disclosed in the README.
Persistence & Privilege
The skill persists tokens and a config in the user's home directory (~/.teams-delegate) and auto-refreshes tokens; it does not request 'always: true' or modify other skills. Persisting tokens locally is typical for CLI tools but means the stored tokens should be protected by the user (file permissions).
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install teams-delegate - After installation, invoke the skill by name or use
/teams-delegate - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.4
Update author display name to Nate Teshome and website to stellarsitesai.com
v1.0.3
Removed telemetry script. Clean package — only auth.py and teams.py.
v1.0.2
Added author attribution and anonymous install telemetry.
v1.0.1
Switched to MSAL for reliable auth, fixed device code flow, added multi-tenant support. Requires Microsoft 365 license for Chat API access.
v1.0.0
Initial release — delegate your Microsoft Teams inbox to your AI agent. Auto-reply, summarize, and filter messages via Microsoft Graph API.
Metadata
Frequently Asked Questions
What is Teams Delegate?
Delegate Microsoft Teams inbox management to your AI agent for auto-replies, message summaries, priority filtering, and context-aware responses. It is an AI Agent Skill for Claude Code / OpenClaw, with 473 downloads so far.
How do I install Teams Delegate?
Run "/install teams-delegate" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Teams Delegate free?
Yes, Teams Delegate is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Teams Delegate support?
Teams Delegate is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Teams Delegate?
It is built and maintained by Natnael Teshome (@takeovernat); the current version is v1.0.4.
More Skills