ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Microsoft 365 Integration

v1.0.0

Access and manage Microsoft 365 email, calendar, OneDrive files, To Do tasks, and contacts via the MS Graph API with authentication support.

4· 3.4k·19 current·19 all-time
by@cvsloane
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/README/CLI all describe Microsoft 365 Graph functionality (mail, calendar, OneDrive, tasks, contacts). Requiring Azure app credentials (client id/secret/tenant) for headless operation is appropriate for that purpose. However the registry metadata lists no required environment variables while SKILL.md and README clearly instruct setting MS365_MCP_CLIENT_ID, MS365_MCP_CLIENT_SECRET, and MS365_MCP_TENANT_ID — a mismatch between declared requirements and actual configuration.
Instruction Scope
SKILL.md and the CLI are scoped to MS365 tasks and instruct the agent to run the included ms365_cli.py which invokes the MCP server. The instructions ask users to cache credentials (device-code tokens) and to add secrets to environment variables or mcporter config — expected for this integration but sensitive. The instructions also direct editing of user config (~/.clawdbot/mcporter.json) and enabling org-mode; these are reasonable but give the skill access to tokens/configs if misused.
!
Install Mechanism
The Python CLI calls `npx -y @softeria/ms-365-mcp-server` at runtime. That causes npm to fetch and execute a package from the network on-demand (dynamic supply chain). Using npx with -y runs the latest package without pinned version, increasing risk if the npm package or account is compromised. There is no install spec in the registry to pin or vet a release; README suggests installing globally but the code still uses npx. This is the highest-risk element.
Credentials
Requested secrets (client id, client secret, tenant id) are appropriate and necessary for headless OAuth flows. That said, the registry metadata did not declare these required environment variables, which is an inconsistency. The skill will cache tokens (location not specified), so storing/securing the client secret and cached tokens is important.
Persistence & Privilege
always is false and the skill does not request elevated platform privileges or modify other skills. It can run autonomously by default (normal). It does cache authentication tokens after first login (noted in SKILL.md), which gives persistent access to Microsoft resources while tokens are valid — expected for this kind of integration but something to be aware of.
What to consider before installing
This skill appears to implement Microsoft 365 features as described, but proceed cautiously: - Supply-chain risk: the CLI invokes `npx -y @softeria/ms-365-mcp-server` at runtime. That downloads and executes an npm package on demand and is riskier than a pinned release. Prefer installing a specific, vetted package version locally (npm install @softeria/ms-365-mcp-server@<version>) or review the package source on GitHub before using. Consider running the skill in an isolated container/workspace. - Secrets: the skill requires sensitive Azure AD credentials for headless use (client id/secret/tenant). Only provide these if you trust the package and operator. The registry metadata does not declare these env vars — treat that as an inconsistency and ask the publisher to correct it. - Token caching: device-code tokens are cached (location unspecified). Ensure token storage is secure and purge tokens if you remove the skill. - Verify the npm/GitHub project: the SKILL.md attributes the MCP server to Softeria with links; check the upstream project's reputation, examine its code for unexpected network calls, and prefer pinned versions. - Least privilege: when creating the Azure AD app, grant only the minimum Graph permissions you need and avoid broad admin-consent permissions unless required. If you cannot review the upstream npm/github code or are uncomfortable with dynamic npx execution, classify this as too risky to install in a production environment.

Like a lobster shell, security has layers — review code before you run it.

latestvk976srvq3rxkqe4grnbn0awmhx7yv03c

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments