Microsoft 365 Integration

Security checks across malware telemetry and agentic risk

Overview

This looks like a real Microsoft 365 integration, but it needs review because it can modify account data and runs an unpinned external npm package.

Install only if you trust the Softeria MCP package and are comfortable granting Microsoft 365 read/write permissions. Prefer read-only mode or narrower Graph scopes where possible, pin the npm package version, and require explicit confirmation before sending mail, creating events, uploading files, deleting items, or posting to Teams.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence: 82%
Finding
The README encourages very natural-language invocations such as "Check my email" and "Send an email...", which are broad enough that an agent may trigger sensitive account actions from ordinary conversational phrasing. In a skill with mail, calendar, file, and messaging write/delete capabilities, loose invocation guidance increases the chance of unintended execution or overbroad tool use.

Missing User Warnings

Medium
Confidence: 90%
Finding
The feature list prominently advertises privacy-impacting and destructive capabilities such as reading email, deleting messages, accessing files, and posting to Teams, but does not pair them with warnings about data sensitivity, consent, or irreversible actions. This can normalize high-risk operations without setting safe-use expectations for operators or downstream agent integrations.

Vague Triggers

Medium
Confidence: 94%
Finding
The activation list includes very broad terms such as 'email', 'calendar', 'microsoft', and 'to do', which can cause the skill to trigger in contexts where the user did not clearly intend to grant access to Microsoft 365 data or perform account actions. Because this skill exposes privacy-sensitive capabilities across mail, files, contacts, and calendar, accidental invocation increases the chance of unintended data access or actions.

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill advertises access to highly sensitive resources including email, calendar, OneDrive, tasks, and contacts, but does not warn users that using the skill may expose personal or organizational data and enable outbound actions like sending email. In a multi-capability integration like this, lack of privacy and action transparency can lead to users authorizing or invoking sensitive operations without informed consent.

Missing User Warnings

Medium
Confidence: 92%
Finding
The mail send command performs an irreversible external action using the user's Microsoft 365 identity without any confirmation, preview, or safety gate. In an agent-skill context, this increases the risk of unintended or prompt-induced email transmission to arbitrary recipients, causing data leakage, impersonation, or business workflow abuse.

VirusTotal

65/65 vendors flagged this skill as clean.