← 返回 Skills 市场
agent-teams
作者
penglovemeng
· GitHub ↗
· v1.10.6
· MIT-0
193
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install peng-agent-teams
功能描述
Interact with Microsoft Teams - send messages, read channels, manage reactions
安全使用建议
This skill does what it claims (control Teams), but it obtains credentials by reading the Teams desktop app's local cookie DB and stores a plaintext token in ~/.config/agent-messenger/teams-credentials.json. It also instructs the agent to read/write a persistent memory file at the start of each task. Before installing, consider: 1) Do you trust the npm package author (agent-messenger)? Inspect the package source on the registry or GitHub first. 2) Are you comfortable granting the tool access to app data (and possibly Full Disk Access on macOS)? That allows it to extract session tokens which effectively act as your account credentials. 3) If you proceed, run it from a dedicated account or isolated environment, limit filesystem permissions, and remove the credentials file when done. 4) Prefer OAuth/official integrations where possible; if your organization forbids using user tokens for automation, avoid this skill. Finally, consider asking the author to declare the config paths and credential behavior in the registry metadata so the access surface is explicit.
功能分析
Type: OpenClaw Skill
Name: peng-agent-teams
Version: 1.10.6
The skill bundle provides a CLI for Microsoft Teams that authenticates by extracting session tokens (skypetoken_asm) directly from the local Teams desktop application's SQLite cookie database across macOS, Linux, and Windows (SKILL.md, references/authentication.md). While this high-risk credential extraction is the stated purpose for enabling 'seamless' authentication, accessing another application's private session data is a significant security risk. The bundle also includes instructions for the AI agent to manage a local persistent memory file (~/.config/agent-messenger/MEMORY.md), though it contains explicit safety directives to avoid storing sensitive credentials in that file.
能力评估
Purpose & Capability
The skill is a CLI wrapper to interact with Microsoft Teams and the install (npm package agent-messenger -> binary agent-teams) is consistent with that purpose. Extracting a local Teams session token from the desktop app is coherent for a tool that posts as the user. However, the registry metadata claims no config paths or credentials required while the documentation and scripts clearly read app data directories and write ~/.config/agent-messenger/teams-credentials.json — an undeclared access surface.
Instruction Scope
SKILL.md and references explicitly instruct the agent/CLI to: locate Teams desktop app data, read Cookies SQLite databases to extract the skypetoken_asm cookie, store that token in plaintext under ~/.config/agent-messenger/teams-credentials.json, and maintain a persistent MEMORY.md that the agent must read at the start of every task and overwrite when updating. Those instructions cause the agent to access local app data and user config every run (and to request granting broader FS permissions), which is sensitive and broader than what the registry declares. The skill also tells agents to auto-extract tokens silently — this is expected for the stated purpose but has significant privacy/credential implications.
Install Mechanism
Installation is via a Node package (agent-messenger), producing the agent-teams binary. This is an expected and traceable install mechanism (npm). No ad-hoc downloads or remote archive extraction from arbitrary URLs are present in the manifest, which lowers install risk relative to raw URL downloads.
Credentials
No environment variables are declared or required, which superficially seems minimal. But the skill requires reading the Teams app's cookie DBs under OS-specific paths and writes a credentials file containing a plaintext Teams token. Those credential and filesystem accesses are not reflected in requires.config or requires.env and thus are underdeclared. The skill also recommends granting full-disk access on macOS to enable token extraction — a high-privilege action for a single-purpose skill.
Persistence & Privilege
The skill is not set always:true and uses normal autonomous invocation. It does create and manage persistent files under ~/.config/agent-messenger (teams-credentials.json, MEMORY.md, snapshots). This is expected for a CLI that needs tokens and caches IDs, but the registry metadata did not declare these config paths. The combination of autonomous invocation + undeclared credential storage increases the blast radius if the package were malicious or compromised.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install peng-agent-teams - 安装完成后,直接呼叫该 Skill 的名称或使用
/peng-agent-teams触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.10.6
Update
元数据
常见问题
agent-teams 是什么?
Interact with Microsoft Teams - send messages, read channels, manage reactions. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 193 次。
如何安装 agent-teams?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install peng-agent-teams」即可一键安装,无需额外配置。
agent-teams 是免费的吗?
是的,agent-teams 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
agent-teams 支持哪些平台?
agent-teams 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 agent-teams?
由 penglovemeng(@penglovemeng)开发并维护,当前版本 v1.10.6。
推荐 Skills