OpenSkillIndex← back to search
claude-codeopenclaw

Awesome-omni-skill teams-hack

Your agent reads Teams chats, posts to channels, searches everything. One stolen token. 90 days per browser tap.

install
source · Clone the upstream repo
git clone https://github.com/diegosouzapw/awesome-omni-skill
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/diegosouzapw/awesome-omni-skill "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/ai-agents/teams-hack" ~/.claude/skills/diegosouzapw-awesome-omni-skill-teams-hack && rm -rf "$T"
OpenClaw · Install into ~/.openclaw/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/diegosouzapw/awesome-omni-skill "$T" && mkdir -p ~/.openclaw/skills && cp -r "$T/skills/ai-agents/teams-hack" ~/.openclaw/skills/diegosouzapw-awesome-omni-skill-teams-hack && rm -rf "$T"
manifest: skills/ai-agents/teams-hack/SKILL.md
source content

Teams Hack

One token. Two skills. 90 days of access.

This skill shares the same MSAL refresh token as outlook-hack. Extract once from Teams localStorage, get both email and chat access.

What It Does

  • 💬 Read and send chat messages (1:1 and group)
  • 📢 Read and post to team channels
  • 🔍 Search messages across all of Teams
  • 👥 Browse org directory, check presence status
  • 📅 View calendar with Teams meeting join links
  • 🏢 List joined teams and channels

Quick Start

1. Token Extraction (one-time, ~30 seconds)

Open Microsoft Teams (

teams.cloud.microsoft
) in Chrome. Attach the tab via OpenClaw browser relay. The agent runs this in the page:

(() => {
  const keys = Object.keys(localStorage).filter(k =>
    k.includes('refreshtoken') || k.includes('RefreshToken')
  );
  const results = keys.map(k => {
    const parsed = JSON.parse(localStorage.getItem(k));
    return { key: k, secret: parsed.secret, client_id: parsed.client_id };
  });
  // Also get tenant ID
  const accountKeys = Object.keys(localStorage).filter(k => {
    try { return JSON.parse(localStorage.getItem(k)).tenantId; } catch { return false; }
  });
  let tenantId = null;
  for (const k of accountKeys) {
    try { tenantId = JSON.parse(localStorage.getItem(k)).tenantId; break; } catch {}
  }
  return { tokens: results, tenantId };
})();

Then store the token:

teams token store --refresh-token <secret> --tenant-id <tenantId>

2. Verify

teams token test

3. Use

teams chats                          # Recent conversations
teams chat <id> --top 10             # Read messages
teams chat-send <id> --message "hi"  # Send message
teams teams                          # List teams
teams channels <teamId>              # List channels
teams search "project update"        # Search everything
teams users --search "Oscar"         # Find people
teams presence                       # Your status
teams calendar --days 3              # Upcoming meetings

How It Works

Same mechanism as the Outlook hack:

  1. Teams stores an MSAL refresh token in 
    localStorage
  2. This token is exchanged for a Graph API access token using Teams' first-party client ID
  3. The client ID (
    5e3ce6c0-2b1f-4285-8d4b-75ee78787346
    ) has pre-authorized Graph scopes
  4. Token auto-rotates on each use — perpetual access as long as it's used within 90 days

Shared Token Architecture

Both skills read from the same file:

~/.openclaw/credentials/outlook-msal.json

Extract the token once → both 

outlook
and 
teams
CLIs work. If either skill refreshes the token, the other benefits.

CLI Reference

CommandDescription
teams chats
List recent chats with last message preview
teams chat <id>
Read messages (newest first)
teams chat-send <id> --message <text>
Send to a chat
teams teams
List all joined teams
teams channels <teamId>
List channels in a team
teams channel <teamId> <channelId>
Read channel messages
teams channel-send <teamId> <channelId> --message <text>
Post to channel
teams search "<query>"
Full-text search across messages
teams users --search <name>
Search org directory
teams presence
Your availability status
teams calendar --days 7
Calendar with meeting links
teams me
Your profile

Sibling Skill: Outlook Hack

This skill shares the same MSAL refresh token with outlook-hack. One extraction covers both. Extract the token once → get full chat access (this skill) AND email access (Outlook Hack).

Both skills read and write to the same credentials file:

~/.openclaw/credentials/outlook-msal.json

If either skill refreshes the token, the other benefits automatically.

SkillWhat it doesSend-blocked?
outlook-hackEmail: read, search, draft, folders, attachments, calendar, contacts✅ Cannot send
teams-hack (this)Chat: read, send, channels, search, presence, org directoryNo (chat sending enabled)

Architecture

  • Zero external deps — pure Node.js (v22+)
  • Shared credentials — same token file as Outlook
  • Graph API v1.0 — standard Microsoft endpoints
  • Beta fallback — some features use 
    /beta
    when v1.0 lacks support

The Full Stack

Pair with outlook-hack for email, whatsapp-ultimate for messaging, and jarvis-voice for voice.

👉 Clone it. Fork it. Break it. Make it yours.