Outlook Delegate

Warn

Audited by ClawScan on May 10, 2026.

Overview

This is a coherent Outlook delegate skill, but it gives an assistant powerful mailbox authority and includes a command that can print a raw Microsoft access token.

Only install this if you intentionally want the assistant to have delegated Outlook authority. Use a dedicated assistant account, prefer Send on Behalf over Send As when possible, enable audit logging, secure and rotate the Microsoft app secret, revoke unused permissions, and avoid exposing or requesting raw access tokens.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A mistaken or over-eager agent action could send email as the owner, creating business, privacy, or reputational harm.

Why it was flagged

The script can send replies and forwards as the mailbox owner, and the flow shown creates a draft and then posts it straight to the Graph send endpoint; no approval step appears anywhere in the artifact between draft creation and send.

Skill content
# - send-as/reply-as/forward-as: As the owner ...
# Step 3: Send the draft
RESULT=$(curl -s -w "\n%{http_code}" -X POST "$API_BASE/messages/$DRAFT_ID/send" ...)
Recommendation

Require explicit user confirmation before send, reply, forward, delete, or calendar-change operations; consider defaulting to draft creation for owner-sent mail.
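As an added example of the recommendation above (not the skill's own code): the same draft-then-send flow with a confirmation gate in front of the /send call, so an agent cannot go from draft to sent mail in one unattended step. API_BASE, the draft id, the GRAPH_CURL variable and the fake_graph_curl stub are assumptions; only the endpoint shape comes from the curl flow quoted in the finding.

```shell
#!/usr/bin/env sh
# Added example, not the audited skill's code: the draft-then-send flow from
# the finding with an explicit confirmation gate in front of the /send call.
# API_BASE and the draft-id format are assumptions modelled on the quoted curl
# flow; GRAPH_CURL lets the example run offline against a stub.

API_BASE="${API_BASE:-https://graph.microsoft.com/v1.0/me}"
GRAPH_CURL="${GRAPH_CURL:-curl}"

# Constructed stand-in for curl so the example runs without a token or network:
# prints an empty body and the 202 status Graph returns for a successful send.
fake_graph_curl() {
  printf '\n202\n'
}

# Gate: refuse to call /send unless the caller supplies "send:<draft id>" for
# this exact draft. A bare "yes" would let a confirmation given for an earlier
# draft be replayed against a new one; binding it to the id prevents that. On
# refusal the draft stays in the Drafts folder for the owner to review.
send_draft() {
  draft_id="$1"
  confirmation="$2"
  if [ -z "$draft_id" ]; then
    echo "refused: no draft id" >&2
    return 2
  fi
  if [ "$confirmation" != "send:$draft_id" ]; then
    echo "refused: draft $draft_id left in Drafts; confirm with 'send:$draft_id'" >&2
    return 3
  fi
  # Step 3 of the skill, reached only after the gate. -w appends the HTTP
  # status on its own line; the body of a successful send is empty.
  result=$("$GRAPH_CURL" -s -w '\n%{http_code}' -X POST \
    -H "Authorization: Bearer ${ACCESS_TOKEN:-}" \
    -H "Content-Length: 0" \
    "$API_BASE/messages/$draft_id/send")
  status=$(printf '%s\n' "$result" | tail -n 1)
  if [ "$status" != "202" ]; then
    echo "send failed: HTTP $status" >&2
    return 1
  fi
  echo "sent:$draft_id"
}

# Offline demo using the stub (set GRAPH_CURL=curl for the real call):
# the first attempt is refused, the second is sent.
GRAPH_CURL=fake_graph_curl
send_draft "AAMkAGI2-demo" "" || echo "gate held: exit $?"
send_draft "AAMkAGI2-demo" "send:AAMkAGI2-demo"
```

The confirmation string should come from the user, not be generated by the agent; the point of binding it to the draft id is that a reviewer sees exactly which draft they are releasing.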

What this means

If the token is exposed in terminal history, logs, or the agent transcript, anyone who obtains it can read or modify Outlook data as that account until the token expires. Access tokens issued by the Microsoft identity platform are bearer tokens: they normally stay valid until expiry (typically 60 to 90 minutes) even after the user signs out or the refresh token is revoked, so an exposure cannot be undone by revocation alone.

Why it was flagged

The skill requests persistent delegated mailbox and calendar scopes (offline_access means a refresh token is issued, so access outlives the initial sign-in) and includes a helper command that prints the raw bearer access token to stdout.

Skill content
SCOPE="offline_access User.Read Mail.ReadWrite Mail.Send Mail.ReadWrite.Shared Mail.Send.Shared Calendars.ReadWrite Calendars.ReadWrite.Shared" ...
get) ... echo "$ACCESS_TOKEN"
Recommendation

Remove or disable the raw token output command, redact tokens from all outputs (including the agent transcript), document which credentials and configuration the skill needs (app registration, client secret, tenant), and request the least-privileged Microsoft Graph permissions that the intended delegation actually requires.
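As an added example of the first two points above (not the skill's own code): a fingerprint helper that can replace the `echo "$ACCESS_TOKEN"` branch, and a sed filter that scrubs token-shaped material from anything that might reach a log or transcript. The sample transcript and the token strings in it are constructed, not real credentials; the JWT shape (three base64url segments, the first starting "eyJ") is how Microsoft identity platform access tokens are encoded.

```shell
#!/usr/bin/env sh
# Added example, not the audited skill's code: two drop-in replacements for the
# skill's `get) ... echo "$ACCESS_TOKEN"` helper. The sample transcript below is
# constructed; the token strings in it are not real credentials.

# 1. Never print the token itself. A truncated SHA-256 is enough to tell two
#    tokens apart or to correlate with an audit log, and cannot be replayed
#    against Graph. Falls back to shasum where sha256sum is absent (macOS).
token_fingerprint() {
  if command -v sha256sum >/dev/null 2>&1; then
    printf '%s' "$1" | sha256sum | cut -c1-16
  else
    printf '%s' "$1" | shasum -a 256 | cut -c1-16
  fi
}

# 2. Scrub token-shaped material from anything that may reach a log or an agent
#    transcript: "Bearer <token>" headers, access/refresh/id_token JSON fields,
#    client_secret form parameters, and bare JWTs (three base64url segments,
#    the first starting "eyJ"). Use it as a filter: some_command 2>&1 | redact_tokens
redact_tokens() {
  sed -E \
    -e 's#(Bearer )[A-Za-z0-9._~+/=-]+#\1[REDACTED]#g' \
    -e 's#("(access|refresh|id)_token" *: *")[^"]+"#\1[REDACTED]"#g' \
    -e 's#(client_secret=)[^&[:space:]]+#\1[REDACTED]#g' \
    -e 's#eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+#[REDACTED_JWT]#g'
}

# Constructed sample: a verbose curl request line, a token-endpoint response, a
# refresh request body, and the bare token the skill's `get` command would print.
SAMPLE_LOG='> Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJhdWQiOiJncmFwaCJ9.c2lnbmF0dXJl
{"token_type":"Bearer","access_token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJhdWQiOiJncmFwaCJ9.c2lnbmF0dXJl","refresh_token":"0.AXoAabc123"}
client_id=11111111-2222-3333-4444-555555555555&client_secret=s3cr3tvalue&grant_type=refresh_token
eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJhdWQiOiJncmFwaCJ9.c2lnbmF0dXJl'

redacted_sample() {
  printf '%s\n' "$SAMPLE_LOG" | redact_tokens
}

# Demo: the transcript with every secret scrubbed, then the fingerprint that
# can safely stand in for `echo "$ACCESS_TOKEN"` in the skill.
redacted_sample
echo "token fingerprint: $(token_fingerprint "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJhdWQiOiJncmFwaCJ9.c2lnbmF0dXJl")"
```

The filter is a safety net, not the fix: the skill should never place the token on stdout in the first place, and the fingerprint is what an operator needs when asking "is the token in this audit entry the one my assistant is holding".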

What this means

Users have less provenance information to decide whether to trust this high-privilege skill.

Why it was flagged

The registry metadata does not provide a verifiable upstream source or homepage for a skill that handles Microsoft 365 credentials and delegated mailbox access.

Skill content
Source: unknown
Homepage: none
Recommendation

Verify the publisher and review the included scripts before installing; prefer a version with a clear source repository and release history.