Ms365 Tenant Manager

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate Microsoft 365 admin skill, but it contains high-impact tenant-changing scripts with weak guardrails around destructive actions, plaintext password exports, and input handling.

Install only for experienced Microsoft 365 administrators who will review every generated PowerShell script before running it. Use a test tenant or pilot group first, prefer report-only and WhatIf modes, remove plaintext password exports, validate and escape all generated-script inputs, and require explicit approval before offboarding users or changing tenant-wide Conditional Access policies.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Vague Triggers

Medium
Confidence: 93%
Finding:
The manifest description contains very broad trigger phrases such as 'Office 365 admin', 'Azure AD users', 'Global Administrator', and 'Microsoft 365 automation', which could cause the skill to activate for routine administrative queries beyond the user's specific intent. Because this skill can generate and encourage high-privilege tenant-management actions, overbroad matching increases the chance of accidental invocation in sensitive contexts and could steer users toward impactful administrative operations without sufficient narrowing or confirmation.

Missing User Warnings

Medium
Confidence: 90%
Finding:
The offboarding workflow performs destructive, high-impact actions—blocking sign-in, revoking refresh tokens, removing licenses, converting the mailbox, and removing group memberships—without an upfront warning summarizing consequences or requiring an explicit confirmation gate before execution. In a Global Administrator context, accidental or premature use could immediately disrupt access, collaboration, email handling, and licensing for the targeted account, making mistakes costly and hard to unwind.

Missing User Warnings

Medium
Confidence: 96%
Finding:
The bulk provisioning script stores generated initial passwords in a CSV results file, which creates a plaintext credential artifact on disk. In a Microsoft 365 Global Administrator context, that file could be broadly accessible via workstation compromise, backups, sync tools, or admin sharing, exposing many newly created accounts at once.

Missing User Warnings

Medium
Confidence: 93%
Finding:
The troubleshooting guidance includes a recursive forced deletion of a user PowerShell cache path without any warning, scope limitation, or validation steps. In an admin-focused skill, operators may copy-paste this command directly, which can cause unintended data loss or removal of unrelated PowerShell state and modules if the path contents differ from expectations.

Missing User Warnings

Medium
Confidence: 96%
Finding:
The break-glass procedure advises setting all Conditional Access policies to report-only, effectively disabling tenant-wide access protections during an incident, without emphasizing the security exposure or limiting the scope. In a Microsoft 365 Global Administrator context, this creates a serious opportunity for unauthorized access, especially if followed during a live compromise or by an inexperienced admin.

Excessive Permissions

Low
Category: Privilege Escalation
Content:
**Error:** `Insufficient privileges to complete the operation`

**Required Permissions:**
- User Administrator role
- OR User.ReadWrite.All Graph permission
Confidence: 72%
Finding:
Permissions:*

VirusTotal

64/64 vendors flagged this skill as clean.
