Teams Hack

One token. Two skills. 90 days of access.

This skill shares the same MSAL refresh token as outlook-hack. Extract once from Teams localStorage, get both email and chat access.

What It Does

• 💬 Read and send chat messages (1:1 and group)
• 📢 Read and post to team channels
• 🔍 Search messages across all of Teams
• 👥 Browse org directory, check presence status
• 📅 View calendar with Teams meeting join links
• 🏢 List joined teams and channels

Quick Start

1. Token Extraction (one-time, ~30 seconds)

Open Microsoft Teams (teams.cloud.microsoft) in Chrome. Attach the tab via OpenClaw browser relay. The agent runs this in the page:

(() => {
  const keys = Object.keys(localStorage).filter(
    (k) => k.includes("refreshtoken") || k.includes("RefreshToken"),
  );
  const results = keys.map((k) => {
    const parsed = JSON.parse(localStorage.getItem(k));
    return { key: k, secret: parsed.secret, client_id: parsed.client_id };
  });
  // Also get tenant ID
  const accountKeys = Object.keys(localStorage).filter((k) => {
    try {
      return JSON.parse(localStorage.getItem(k)).tenantId;
    } catch {
      return false;
    }
  });
  let tenantId = null;
  for (const k of accountKeys) {
    try {
      tenantId = JSON.parse(localStorage.getItem(k)).tenantId;
      break;
    } catch {}
  }
  return { tokens: results, tenantId };
})();

Then store the token:

teams token store --refresh-token <secret> --tenant-id <tenantId>

2. Verify

teams token test

3. Use

teams chats                          # Recent conversations
teams chat <id> --top 10             # Read messages
teams chat-send <id> --message "hi"  # Send message
teams teams                          # List teams
teams channels <teamId>              # List channels
teams search "project update"        # Search everything
teams users --search "Oscar"         # Find people
teams presence                       # Your status
teams calendar --days 3              # Upcoming meetings

How It Works

Same mechanism as the Outlook hack:

1. Teams stores an MSAL refresh token in localStorage
2. This token is exchanged for a Graph API access token using Teams' first-party client ID
3. The client ID (5e3ce6c0-2b1f-4285-8d4b-75ee78787346) has pre-authorized Graph scopes
4. Token auto-rotates on each use — perpetual access as long as it's used within 90 days

Shared Token Architecture

Both skills read from the same file:

~/.openclaw/credentials/outlook-msal.json

Extract the token once → both outlook and teams CLIs work. If either skill refreshes the token, the other benefits.

CLI Reference

Sibling Skill: Outlook Hack

This skill shares the same MSAL refresh token with outlook-hack. One extraction covers both. Extract the token once → get full chat access (this skill) AND email access (Outlook Hack).

Both skills read and write to the same credentials file:

~/.openclaw/credentials/outlook-msal.json

If either skill refreshes the token, the other benefits automatically.

Architecture

• Zero external deps — pure Node.js (v22+)
• Shared credentials — same token file as Outlook
• Graph API v1.0 — standard Microsoft endpoints
• Beta fallback — some features use /beta when v1.0 lacks support

The Full Stack

Pair with outlook-hack for email, whatsapp-ultimate for messaging, and jarvis-voice for voice.

👉 Clone it. Fork it. Break it. Make it yours.