SharePoint by altf1be
Review
Audited by ClawScan on May 1, 2026.
Overview
This skill appears to be a coherent SharePoint integration, but it grants real SharePoint read/write authority and should be installed only with tightly scoped Microsoft Graph permissions.
This appears suitable if you intentionally want OpenClaw to work with a specific SharePoint site. Before installing, create a dedicated Entra app, keep `Sites.Selected`, prefer read-only access unless writes are needed, protect the certificate, and require human review for upload, delete, checkout, checkin, or publishing actions.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the certificate or app registration is misconfigured or misused, the skill can access or modify files in the configured SharePoint site.
The skill requires Microsoft Graph application credentials and may be granted write access to a SharePoint site. This is expected for the integration but is a meaningful delegated privilege.
1. Create an Entra app with `Sites.Selected` permission and certificate auth
2. Grant site-level write access via Microsoft Graph PowerShell
Use a dedicated Entra app, keep `Sites.Selected`, grant read-only access unless writing is truly needed, and protect the certificate and optional certificate password carefully.
An agent using this skill could alter or delete shared SharePoint documents if given broad instructions or if a user approves the wrong action.
The skill exposes commands that upload, delete, lock/unlock, and publish SharePoint documents. These are purpose-aligned file operations, and delete is documented as requiring confirmation, but they can still change important shared content.
node {baseDir}/scripts/sharepoint.mjs upload --local ./report.docx --remote "Reports/Q1-2026.docx"
...
node {baseDir}/scripts/sharepoint.mjs delete --path "Drafts/old-file.txt" --confirm
...
node {baseDir}/scripts/sharepoint.mjs checkin --path "Report.docx" --comment "Reviewed and approved"
Require explicit human confirmation for upload, delete, checkout, checkin, and edit operations; rely on SharePoint versioning/backups; and avoid granting write access for read-only use cases.
Sensitive SharePoint document text may enter the agent's context, and malicious or accidental instructions inside documents could influence the agent if not handled carefully.
The skill intentionally turns SharePoint and Office document contents into text for an AI agent to process. This is core functionality, but document contents may be confidential or may contain instructions that should not be treated as trusted agent commands.
The `read` command extracts text content from:
- `.docx` → full text extraction via mammoth
...
Output is plain text suitable for AI processing
Use this only on documents the agent is allowed to process, and treat extracted document text as untrusted content for summarization or analysis rather than as instructions.
Users may have a harder time confirming that the reviewed package contents exactly match the intended published release.
The package version shown in package.json differs from the registry metadata version 2.0.0 and the package-lock root version shown as 0.1.0. This does not show malicious behavior, but it is a provenance/release hygiene issue worth checking.
"version": "1.2.0"
Verify the GitHub release or commit for the installed version and ensure package.json, package-lock, and registry metadata are aligned in future releases.
