v3.1.0

office secretary

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 5:40 AM.

Analysis

This appears to be a real Microsoft 365 assistant, but it needs review because it requests broad delegated account permissions, can modify mail and send Teams messages, and stores login tokens locally.

Guidance: Review this carefully before installing. If you proceed, use a dedicated Entra app registration, grant only the Microsoft Graph scopes you truly need, require confirmation before mail or Teams actions, and know how to revoke the app session and delete token_cache.bin.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Concern
secretary_engine.py
self.call("PATCH", f"me/messages/{m['id']}", {"categories": ["Urgent"]}) ... self.call("POST", f"teams/{team_id}/channels/{channel_id}/messages", {"body": {"content": msg}})

The code directly changes mailbox message categories and posts Teams messages, with no built-in confirmation or preview step shown in the artifacts.

User impact: An agent using this skill could alter mailbox organization or send messages to a Teams channel if invoked with those commands.

Recommendation: Require explicit user confirmation before mail mutations or Teams posting, and clearly show the target messages, team, channel, and message content before sending.

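One way to implement that recommendation, as an added example for this review rather than code from the office secretary skill: a gate that lets reads through but previews every state-changing Graph call (exact URL and payload) and performs it only after explicit approval. It assumes a transport with the shape the finding quotes, call(method, path, body), and injects it so the gate can be exercised offline; all class and function names are hypothetical.

```python
"""Confirmation gate for state-changing Microsoft Graph calls.

Added example for this review, not code from the office secretary skill. It
assumes a transport with the shape the finding quotes, call(method, path, body),
and injects it so the gate can be exercised offline. All names are hypothetical.
"""
from __future__ import annotations

import json
from typing import Any, Callable

# Methods that change tenant state; reads (GET/HEAD) pass through ungated.
MUTATING_METHODS = {"POST", "PATCH", "PUT", "DELETE"}


class ActionDeclined(Exception):
    """The user saw the preview and did not approve it."""


def describe_action(method: str, path: str, body: dict | None) -> str:
    """Preview shown before approval: exact target URL plus the exact payload."""
    payload = json.dumps(body, indent=2, sort_keys=True) if body else "(no body)"
    return f"{method} https://graph.microsoft.com/v1.0/{path}\n{payload}"


def console_confirm(preview: str) -> bool:
    """Interactive approver: only a literal 'yes' counts as approval."""
    print("About to perform:\n" + preview)
    return input("Type 'yes' to proceed: ").strip() == "yes"


class GatedGraphClient:
    def __init__(self, transport: Callable[[str, str, dict | None], Any],
                 confirm: Callable[[str], bool] = console_confirm) -> None:
        self._transport = transport  # performs the real HTTPS request
        self._confirm = confirm      # shows the preview, returns True only on approval
        self.audit: list[str] = []   # every mutation attempted, approved or declined

    def call(self, method: str, path: str, body: dict | None = None) -> Any:
        method = method.upper()
        if method not in MUTATING_METHODS:
            return self._transport(method, path, body)
        preview = describe_action(method, path, body)
        approved = self._confirm(preview)
        self.audit.append(f"{'APPROVED' if approved else 'DECLINED'} {method} {path}")
        if not approved:
            raise ActionDeclined(preview)
        return self._transport(method, path, body)

    # The two mutations the finding quotes, routed through the gate.
    def tag_message_urgent(self, message_id: str) -> Any:
        return self.call("PATCH", f"me/messages/{message_id}",
                         {"categories": ["Urgent"]})

    def post_channel_message(self, team_id: str, channel_id: str, msg: str) -> Any:
        return self.call("POST", f"teams/{team_id}/channels/{channel_id}/messages",
                         {"body": {"content": msg}})


def run_demo(approve: bool) -> dict:
    """Drive the gate with a recording transport and a scripted answer."""
    sent: list[tuple[str, str]] = []

    def fake_transport(method: str, path: str, body: dict | None) -> dict:
        sent.append((method, path))  # constructed stand-in; no network
        return {"ok": True}

    client = GatedGraphClient(fake_transport, confirm=lambda preview: approve)
    client.call("GET", "me/messages")  # a read: never gated
    try:
        client.post_channel_message("team-1", "chan-1", "hello")
        declined = False
    except ActionDeclined:
        declined = True
    return {"sent": sent, "declined": declined, "audit": client.audit}


if __name__ == "__main__":
    print(run_demo(approve=False))
    print(run_demo(approve=True))
```

The gate keys on the HTTP method rather than on a list of known paths, so a new mutation added to the skill later cannot bypass it by using an unlisted endpoint; the audit list gives the user a record of what was attempted even when they declined.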
Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
requirements.txt
msal
requests
python-dotenv

The Python dependencies are listed without pinned versions, so a fresh install resolves to whatever the package index serves at that moment, and the code that runs may differ from the code that was reviewed.

User impact: Dependency behavior may change over time, even if the current source code is understandable.

Recommendation: Pin exact dependency versions (with hashes where your tooling supports them) and install only from a trusted package index.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High | Confidence: High | Status: Concern
secretary_engine.py
REQUIRED_SCOPES = [ 'User.Read', 'Mail.ReadWrite', 'Calendars.ReadWrite', 'Files.ReadWrite', 'ChatMessage.Send' ]

The skill requests delegated Microsoft Graph permissions that can read and modify mail, calendars, and files, and send Teams chat messages.

User impact: Installing and authorizing this skill could let it act with significant authority inside the user's Microsoft 365 account.

Recommendation: Only install if you trust the skill owner and need these actions. Consider reducing scopes, especially Files.ReadWrite and Calendars.ReadWrite, to their read-only counterparts (Files.Read, Calendars.Read) unless write access is truly required.

Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Note
secretary_engine.py
CACHE_PATH = os.path.join(BASE_DIR, 'token_cache.bin') ... f.write(self.cache.serialize())

The skill stores a local MSAL token cache so it can reuse Microsoft authentication across runs; the code attempts to restrict file permissions, but the cache still represents persistent delegated access.

User impact: Anyone who can read the token cache file may be able to obtain tokens and act as the user in Microsoft 365 for as long as the cached refresh token remains valid, subject to platform protections on the file.

Recommendation: Keep the skill directory private, periodically revoke unused app sessions in Entra, and delete token_cache.bin if uninstalling or changing trust decisions.
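The cache-handling routines a practitioner would want around that file, as an added example for this review and not the skill's own code: the cache is created with mode 0600 from the moment it exists, is refused on load if its owner or mode is wrong, and can be deleted deliberately. The code operates on the serialized cache text so it runs without msal installed; in a real client that text comes from SerializableTokenCache.serialize() and goes back through deserialize(). Function names and the sample cache contents are hypothetical.

```python
"""Hygiene for an MSAL token cache persisted as token_cache.bin.

Added example for this review, not the skill's own code. It operates on the
serialized cache text so it runs without msal installed; in a real client the
text comes from SerializableTokenCache.serialize() and goes back through
deserialize(). Function names are hypothetical.
"""
from __future__ import annotations

import os
import stat
import tempfile


class UnsafeCacheFile(Exception):
    """The cache exists but is not safe to trust (wrong owner, mode, or not a regular file)."""


def save_cache(path: str, serialized: str) -> None:
    """Persist the cache with mode 0600 from the moment it exists.

    mkstemp creates the temporary file 0600 regardless of umask, so there is no
    window in which a wider default mode exposes the tokens; the rename makes
    the update atomic.
    """
    directory = os.path.dirname(path) or "."
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".token_cache.")
    try:
        with os.fdopen(fd, "w") as f:
            f.write(serialized)
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise


def load_cache(path: str) -> str | None:
    """Return the cache text, None if no cache exists, or raise if it is unsafe.

    Refusing a group- or world-readable file forces the user to notice that the
    refresh token may already have been copied, instead of silently reusing it.
    """
    try:
        st = os.lstat(path)
    except FileNotFoundError:
        return None
    if not stat.S_ISREG(st.st_mode):
        raise UnsafeCacheFile(f"{path} is not a regular file")
    if hasattr(os, "getuid") and st.st_uid != os.getuid():
        raise UnsafeCacheFile(f"{path} is owned by uid {st.st_uid}")
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise UnsafeCacheFile(f"{path} has mode {oct(stat.S_IMODE(st.st_mode))}")
    with open(path) as f:
        return f.read()


def forget_cache(path: str) -> bool:
    """Remove the local cache; returns False if there was nothing to remove.

    This is only the local half of revocation: the refresh token inside stays
    valid in Entra until it expires or the session is revoked there.
    """
    try:
        with open(path, "r+b") as f:  # best-effort overwrite before unlink
            f.write(b"\0" * os.path.getsize(path))
            f.flush()
            os.fsync(f.fileno())
        os.unlink(path)
        return True
    except FileNotFoundError:
        return False


def run_demo() -> dict:
    """Round-trip a constructed cache in a scratch directory and record what happened."""
    scratch = tempfile.mkdtemp()
    path = os.path.join(scratch, "token_cache.bin")
    sample = '{"AccessToken": {}, "RefreshToken": {}}'  # constructed, not a real cache
    out = {"missing_is_none": load_cache(path) is None}
    save_cache(path, sample)
    out["mode"] = stat.S_IMODE(os.stat(path).st_mode)
    out["roundtrip"] = load_cache(path) == sample
    os.chmod(path, 0o644)  # simulate a careless copy or chmod
    try:
        load_cache(path)
        out["rejects_world_readable"] = False
    except UnsafeCacheFile:
        out["rejects_world_readable"] = True
    out["forgot"] = forget_cache(path)
    out["gone"] = not os.path.exists(path)
    out["forget_again"] = forget_cache(path)
    os.rmdir(scratch)
    return out


if __name__ == "__main__":
    print(run_demo())
```

Deleting the file is necessary but not sufficient when changing trust decisions: the refresh token it held remains usable until Entra invalidates it, so pair forget_cache with a server-side revocation (the user's "Sign out everywhere" in their Microsoft account, or an administrator calling revokeSignInSessions on the user) and, if the app is no longer wanted, removal of its consent.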