Ms Graph Calendar

Security checks across malware telemetry and agentic risk

Overview

This skill's code is consistent with its stated purpose of Microsoft calendar scheduling, but it needs review because it requests organization-wide Graph permissions and prints and stores high-privilege access tokens.

Before installing, confirm that your organization is comfortable granting this app read access to employee calendars and user lists. Ask an admin to restrict the app to only needed mailboxes, and avoid using the skill until token output/storage is fixed or you can ensure logs and temp files are protected.

VirusTotal

66/66 vendors reported this skill as clean.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI03: Identity and Privilege Abuse
High
What this means

Anyone or any agent with access to the configured app secret could query employee calendar availability and directory data across the tenant.

Why it was flagged

The skill requires app-only Microsoft Graph permissions that can read calendars and enumerate users across the organization. Those permissions are related to the scheduling purpose, but they grant broad tenant-wide read authority unless an admin separately restricts them.

Skill content
`Calendars.Read` — read all users' calendars; `User.Read.All` — list employees
Recommendation

Use the least-privileged Graph permissions available, restrict mailbox scope with an Exchange App Access Policy before use, and install only in environments where this tenant-wide read access is acceptable.

ASI03: Identity and Privilege Abuse
High
What this means

The access token may appear in agent logs, terminal output, or files readable by other local processes, allowing temporary access to the same calendar and directory data.

Why it was flagged

The script writes the Graph access token to a temp file without an explicit restrictive file mode and prints the token to stdout. That token carries the app's Graph permissions.

Skill content
`fs.writeFileSync(tokenPath, JSON.stringify(tokenData)); ... console.log(json.access_token);`
Recommendation

Do not print access tokens, redact token output, store tokens only in a private path with 0600 permissions or a secure credential store, and minimize token lifetime and scope.

ASI09: Human-Agent Trust Exploitation
Medium
What this means

Users may underestimate where secrets and tokens are stored or exposed when configuring the skill.

Why it was flagged

The skill's safety statement is inconsistent with the included setup flow and code: setup.js stores the client secret in a local config file, and get-token.js prints the access token.

Skill content
Credentials are read from env vars only — never log or echo them
Recommendation

Update the documentation to accurately disclose local secret storage and token caching, and change the implementation so sensitive tokens are not echoed.