Ms Graph Calendar
Warn
Audited by ClawScan on May 10, 2026.
Overview
The skill appears to perform Microsoft Graph calendar lookups as claimed, but it needs review because it requests tenant-wide calendar access and exposes Graph bearer tokens in tool output/temp storage.
Install only if your Microsoft 365 admin is comfortable granting read access to the intended mailboxes. Restrict the app to a limited mailbox group, avoid pasting long-lived secrets into chat, remove token printing, secure token storage, and query only the people/date ranges needed.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A compromised or misused app secret/token could expose company-wide calendar and employee directory data.
The skill explicitly asks for app-only Microsoft Graph permissions that can read calendars and list users across the tenant; the App Access Policy restriction is only suggested later and is not enforced by the skill.
**App Registration must have Application Permissions:**
- `Calendars.Read` — read all users' calendars
- `User.Read.All` — list employees
- Admin must grant consent first
Grant this only to a dedicated app registration, restrict it with an Exchange Application Access Policy or equivalent mailbox scope, and use the least-privileged Graph permissions that satisfy the use case.
Anyone who can see the tool output or read the token file during its lifetime may be able to use the token's Microsoft Graph permissions.
The script writes the Graph bearer token to a predictable temp-file path without an explicit restrictive mode and also prints the token to stdout, where it may enter agent transcripts or logs.
fs.writeFileSync(tokenPath, JSON.stringify(tokenData));
console.log("✅ Token acquired. Expires in", Math.round(json.expires_in / 60), "minutes.");
console.log(json.access_token);
Do not print access tokens, store token caches with explicit 0600 permissions or a secure credential store, and clear cached tokens when the task is complete.
Users may underestimate where secrets and tokens are stored or exposed when setting up the skill.
The documentation gives conflicting credential-handling claims: it says credentials are saved to a local config file, but later says credentials are read from env vars only; the code also prints the bearer access token.
Values will be saved to `~/.openclaw/ms-graph-calendar.json` ... `Credentials are read from env vars only — never log or echo them`
Correct the documentation to accurately describe config-file storage and token handling, and remove token printing before use.
Meeting titles and schedule details may appear in chat/tool logs when checking availability.
The schedule tool returns meeting subjects and statuses in console output and JSON, which is purpose-aligned but may place sensitive calendar details into the agent context.
const subject = item.subject ? ` — ${item.subject}` : "";
...
subject: item.subject,
status: item.status
Limit queries to necessary attendees and date ranges, and consider redacting subjects or using free/busy-only permissions if detailed meeting titles are not needed.
