← 返回 Skills 市场
TeamWork
作者
ChenXinBest
· GitHub ↗
· v1.0.0
1267
总下载
2
收藏
3
当前安装
1
版本数
在 OpenClaw 中安装
/install teamwork
功能描述
Dynamically creates and manages AI agent teams for complex tasks. Invoke when user requests multi-agent collaboration, complex project execution, or when tasks require specialized roles and coordinated workflow.
安全使用建议
This skill implements team orchestration and will create and modify files under .trae/config and .trae/data (providers.json, team-roles.json, model_scores.json). It will ask you for API keys or the names of environment variables for any providers you configure and will persist that provider info in .trae/config/providers.json. Before installing or using it:
- Understand it will store provider credentials/config locally (likely plaintext). If you don’t want keys stored on disk, avoid entering them or use minimally privileged keys.
- Prefer supplying environment variable names rather than pasting secrets into interactive prompts, but note the code appears not to resolve process.env itself — verify how your host resolves those placeholders.
- Review and restrict file permissions on .trae/config (e.g., chmod 600) and keep backups out of shared repos.
- If you need provider integrations (OpenAI, Anthropic, Google, etc.), confirm how provider calls will be performed (the skill’s code does not include HTTP calls) and whether the host agent will use stored keys.
- Validate the author/source before providing sensitive credentials and consider testing in an isolated environment first.
If you want, I can point out the exact lines where credentials are written to disk and suggest code changes to avoid plaintext storage (e.g., use OS credential stores or encrypt configs).
功能分析
Type: OpenClaw Skill
Name: teamwork
Version: 1.0.0
The 'teamwork' skill is classified as suspicious due to its inherent high-risk capabilities, which include managing AI provider API keys, performing file system operations for configuration, and orchestrating complex multi-agent tasks. While these actions are central to the skill's stated purpose and there is no direct evidence of malicious intent (e.g., data exfiltration to unauthorized endpoints, malicious command execution, or obfuscation), the extensive control over sensitive credentials and agent behavior presents a significant attack surface. The `SKILL.md` instructs the OpenClaw agent to handle API keys (stored as environment variable references in `providers.json`) and to display configuration, which could lead to information leakage if the agent's runtime resolves these environment variables before displaying them to a potentially untrusted user. The skill's complexity and powerful functionality, even when aligned with its stated purpose, elevate its risk profile beyond benign.
能力评估
Purpose & Capability
The skill's files (init, config-manager, team-coordinator, score-manager, herald, templates) implement team creation, role assignment, scoring, and config persistence — consistent with the stated purpose. However, the package contains no networking or provider-integration code (no HTTP/fetch/axios/etc.), so while it asks for provider API keys and base URLs the code doesn’t actually call external AI provider APIs. That could be a design choice (the host model performs calls) but it is an inconsistency worth noting.
Instruction Scope
SKILL.md explicitly instructs the agent to read and write configuration under .trae/config and .trae/data and to interactively collect provider and model information. Those actions are within the scope of a multi-agent orchestration skill. The instructions do not request unrelated system files or hidden data exfiltration; they are explicit about the files they will touch.
Install Mechanism
There is no remote install/download step and package.json has no external dependencies — nothing will be pulled from arbitrary URLs. The skill is delivered as local code and templates; risk from the install mechanism is low.
Credentials
Registry metadata declares no required environment variables, but SKILL.md and configuration templates ask the user to provide API keys (or environment variable names) for multiple AI providers and persist them in .trae/config/providers.json. The code uses provider.api_key fields but does not resolve process.env values anywhere, meaning secrets may end up stored in plaintext in config files. Storing API keys on disk without explicit guidance or encryption is a security concern. Requesting multiple provider keys is functionally justified, but the lack of a clear, secure handling strategy is disproportionate and risky.
Persistence & Privilege
The skill does persist configuration and score data to .trae/config and .trae/data, which is normal for this purpose. always:false and no modification of other skills' configurations are observed. Autonomous invocation is allowed (platform default); combined with stored credentials this increases blast radius, but the skill does not request elevated or system-wide privileges.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install teamwork - 安装完成后,直接呼叫该 Skill 的名称或使用
/teamwork触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
初始化本技能:在用户配置多提供商、多模型的情况下,综合成本、能力等各要素团队合作完成任务
元数据
常见问题
TeamWork 是什么?
Dynamically creates and manages AI agent teams for complex tasks. Invoke when user requests multi-agent collaboration, complex project execution, or when tasks require specialized roles and coordinated workflow. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1267 次。
如何安装 TeamWork?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install teamwork」即可一键安装,无需额外配置。
TeamWork 是免费的吗?
是的,TeamWork 完全免费(开源免费),可自由下载、安装和使用。
TeamWork 支持哪些平台?
TeamWork 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 TeamWork?
由 ChenXinBest(@chenxinbest)开发并维护,当前版本 v1.0.0。
推荐 Skills