Team Projects

Multi-agent project management with task boards, @-mention routing, WBS, and orchestrated team collaboration. Includes a Control UI plugin tab with project d...

This package implements the UI and local scripts needed for multi-agent project management, but several red flags deserve attention before you install it: - Hardcoded local path: the Control view instructs an agent to run a Node command at '/home/charl/.openclaw/.../project-store.js'. That looks like a leftover developer path and would fail or, worse, cause an agent to run unexpected local binaries. Insist that the author make commands relative to the installed plugin path or configurable (TEAM_PROJECTS_DIR), and remove developer-specific absolute paths. - Agents executing local commands: the view uses sessions.send to ask an agent to run a local CLI script. Confirm whether your agents are allowed/able to execute such commands and audit what those scripts do. If you do not want agents to run arbitrary local commands, do not enable the recommended exec/sessions_send permissions. - Broad permissions recommended: the example config and SKILL.md advise allowAgents: ["*"] and tools.allow: ["*"]. These are convenient but grant wide access across agents and tools. Prefer least privilege: only allow the coordinator the specific agent IDs and tools it needs. - Optional HTTP API with CORS '*': gateway-handlers.js can start an HTTP server if TEAM_PROJECTS_PORT > 0. If you enable it, bind to localhost only as shown and protect it with auth or firewall rules; CORS '*' plus no auth could expose project data to local web pages. - Code review & sandboxing: because the skill reads/writes files under ~/.openclaw and runs Node scripts, review project-store.js and orchestrator.js in full (especially writeFileSync/appendFileSync usage) and test in an isolated environment before adding to production. What would increase confidence: an updated SKILL.md removing hardcoded paths, a configuration option to point to the installed plugin directory, concrete minimum permission requirements (exact tools/agent IDs), and confirmation that the HTTP API supports authentication or is disabled by default. If you provide the omitted remaining files, I can re-check for other risky patterns (network calls, credential use, shell exec).

Type: OpenClaw Skill Name: team-projects Version: 1.3.0 The skill bundle implements a complex multi-agent project management system but uses high-risk architectural patterns. Most notably, it requires the user to manually patch the OpenClaw source code and build pipeline (SKILL.md, BUILD_REGISTRATION.md), and the UI component (team-projects-view.ts) fetches data by sending 'silent' chat messages that trigger shell execution of local scripts (node project-store.js). While these behaviors appear aligned with the stated goal of providing a project dashboard, the use of the agent as a shell-execution proxy for the frontend and the requirement for core source code modification represent a significant security risk and deviate from standard plugin sandboxing.