Outlook Delegate
Warn
Audited by ClawScan on May 10, 2026.
Overview
This is a coherent Outlook delegate skill, but it asks for broad persistent access to another user's mailbox and calendar, including sending, deleting, and editing, without clear per-action safeguards.
Install only if the mailbox owner intentionally wants this assistant to act as a delegate. Use least-privilege Microsoft 365 permissions, require explicit confirmation before sending or changing anything, verify any helper scripts outside this package, and plan how to rotate secrets and revoke delegate access.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the assistant, its account, or the app credentials are misused, the owner's mail and calendar could be read, changed, or used to send messages on the owner's behalf.
The skill asks for broad delegated Microsoft 365 authority over the owner's mailbox and calendar, plus persistent OAuth refresh capability.
Mail.ReadWrite.Shared, Mail.Send.Shared, Calendars.ReadWrite.Shared, User.Read, offline_access ... Add-MailboxPermission ... -AccessRights FullAccess ... Set-Mailbox ... -GrantSendOnBehalfTo
Grant only the minimum needed permissions, use a dedicated delegate account, audit Microsoft 365 activity, store secrets securely, and revoke delegate/OAuth access when no longer needed.
An incorrect or over-eager agent action could send an email, reply to someone, delete or move mail, or create calendar events in the owner's account.
The documented workflows include destructive or externally visible actions, but the provided instructions do not include confirmation, preview, or rollback requirements.
./scripts/outlook-mail.sh delete <id> ... send <to> <subj> <body> ... reply <id> "body" ... ./scripts/outlook-calendar.sh create <subj> <start> <end>
Require explicit user approval before sending, replying, deleting, moving, or creating events; preview message bodies and recipients; and prefer reversible actions where possible.
Email and calendar content may include sensitive information or untrusted third-party text that should not be treated as instructions for the agent.
The skill is intended to retrieve private mailbox and calendar content into the assistant's working context.
./scripts/outlook-mail.sh read <id> # Read email content ... ./scripts/outlook-calendar.sh events [count] # Owner's upcoming events
Retrieve only what is needed, avoid storing or reusing sensitive mail content unnecessarily, and treat message bodies as untrusted data rather than agent instructions.
The registry scan cannot confirm what the referenced helper scripts would actually do if supplied from elsewhere.
The skill references helper scripts, but the supplied artifact set contains only SKILL.md and no reviewed implementation files.
./scripts/outlook-token.sh refresh ... ./scripts/outlook-mail.sh inbox [count] ... ./scripts/outlook-calendar.sh events [count]
Inspect and trust the actual scripts before running them, and avoid using unreviewed helper code with Microsoft 365 credentials.
