Outlook
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: outlook-api Version: 1.0.5 The skill provides a legitimate integration for Microsoft Outlook via the Maton API proxy (api.maton.ai). It includes well-documented instructions for the AI agent to manage emails, calendars, and contacts, and explicitly mandates user approval for all write operations. No evidence of malicious intent, data exfiltration, or prompt injection was found in SKILL.md or _meta.json.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If authorized, the skill can access significant private Outlook account data.
The skill requires delegated access to a Microsoft Outlook account, including sensitive mailbox, calendar, and contact data. This is purpose-aligned but important authority for a user to notice.
Access is scoped to messages, mail folders, calendar events, and contacts within the connected Outlook account.
Authorize only the intended Outlook account, review Microsoft/Maton consent screens carefully, and remove the connection when it is no longer needed.
Incorrect or over-broad use could send messages or modify mailbox, calendar, folder, or contact data.
The documented capabilities include high-impact write actions such as sending or managing Outlook resources. The skill mitigates this by stating that writes require explicit user approval.
Read, send, and manage emails, folders, calendar events, and contacts.
Confirm the exact recipient, resource, and intended effect before allowing any create, update, send, or delete action.
Outlook requests and responses may pass through Maton's infrastructure before reaching Microsoft Graph.
Outlook API requests are routed through Maton's service, which handles OAuth token injection. This is disclosed and central to the integration, but it means a third-party proxy participates in sensitive account access.
Maton proxies requests to `graph.microsoft.com` and automatically injects your OAuth token.
Use this skill only if you trust Maton with this integration, and avoid requesting or exposing more mailbox/calendar/contact data than needed.
Installing a global CLI gives external software access to the local environment where it runs.
The instruction-only skill recommends installing an external global CLI package. This is user-directed and purpose-aligned, but the reviewed artifacts do not include that package code.
npm install -g @maton-ai/cli
Install the Maton CLI only from trusted package sources and keep it updated; verify the package before use if operating in a sensitive environment.
The Outlook authorization can continue to exist after a single task unless the user removes the connection.
The skill creates persistent OAuth connections that can remain active until deleted. This persistence is disclosed and includes connection management/delete instructions.
Manage your Microsoft OAuth connections at `https://api.maton.ai`.
Periodically review active Maton Outlook connections and delete any that are no longer needed.