Microsoft 365 Integration

Suspicious
Audited by ClawScan on May 10, 2026.

Overview

This skill fits a Microsoft 365 integration, but it grants broad Microsoft account authority through cached credentials and an unpinned third-party npm MCP server.

Only install this if you trust the third-party MCP package and are comfortable granting broad Microsoft 365 access. Prefer pinning the dependency, using read-only/minimal Graph scopes first, and requiring confirmation before any send, post, upload, delete, or calendar/task change.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A changed or compromised npm package could run arbitrary code in the user's environment and read or modify Microsoft 365 data or the cached tokens the skill relies on.

Why it was flagged

The skill executes an unpinned third-party npm package at runtime via `npx -y`, so whatever version is current at launch is downloaded and run; that package handles all Microsoft 365 operations and may access credentials and account data.

Skill content
["npx", "-y", "@softeria/ms-365-mcp-server"]
Recommendation

Pin the npm package to an exact version, declare the dependency in the install spec so it is installed and locked rather than fetched at launch, and review the package provenance before granting Microsoft account access.
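The pin check above, as an added example that is not part of the skill or of ClawScan: it walks an MCP client configuration and flags every server entry that launches an npm package through npx without an exact version. The config layout (`mcpServers` -> `{ command, args }`) is the common MCP client shape; the entries in `SAMPLE_CONFIG` are constructed for this example, and the version numbers in them are placeholders, not real releases of the package.

```javascript
// Added example (not part of the skill or ClawScan): flag MCP server entries
// that launch an npm package through npx without an exact version. The
// config layout (mcpServers -> { command, args }) is the common MCP client
// shape; the entries in SAMPLE_CONFIG are constructed for this example and
// the version numbers in them are placeholders, not real releases.

// Exact semver only: "1.2.3" or "1.2.3-beta.1", never "^1.2.3", "1.x" or "latest".
const SEMVER_EXACT = /^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$/;

// Picks the package spec out of an npx argv: the value of -p/--package if
// present, otherwise the first non-flag token after "npx".
function npxPackageSpec(argv) {
  for (let i = 0; i < argv.length; i++) {
    const a = argv[i];
    if (a === "npx") continue;
    if (a === "-p" || a === "--package") return argv[i + 1] ?? null;
    if (a.startsWith("--package=")) return a.slice("--package=".length);
    if (a.startsWith("-")) continue;       // -y, --yes, --no-install, ...
    return a;
  }
  return null;
}

// Splits "@scope/name@1.2.3" into { name, version }. A scoped name starts
// with "@", so the separator is the last "@" that is not at position 0.
function parseSpec(spec) {
  const at = spec.lastIndexOf("@");
  if (at <= 0) return { name: spec, version: null };
  return { name: spec.slice(0, at), version: spec.slice(at + 1) };
}

function isPinned(spec) {
  const { version } = parseSpec(spec);
  return version !== null && SEMVER_EXACT.test(version);
}

// Returns one finding per server whose launch command runs npx on a spec
// that is missing or is not an exact version.
function findUnpinnedServers(config) {
  const findings = [];
  for (const [server, def] of Object.entries(config.mcpServers ?? {})) {
    const argv = [def.command, ...(def.args ?? [])];
    if (!argv.includes("npx")) continue;   // only npx launches are checked here
    const spec = npxPackageSpec(argv);
    if (spec === null) {
      findings.push({ server, spec: null, reason: "npx launch with no package spec" });
    } else if (!isPinned(spec)) {
      findings.push({ server, spec, reason: "package version is not pinned to an exact release" });
    }
  }
  return findings;
}

const SAMPLE_CONFIG = {
  mcpServers: {
    // the launch spec from the scan excerpt: unpinned
    m365: { command: "npx", args: ["-y", "@softeria/ms-365-mcp-server"] },
    // a range is still not a pin (placeholder version)
    m365Range: { command: "npx", args: ["-y", "@softeria/ms-365-mcp-server@^1.0.0"] },
    // exact version: passes (placeholder version)
    m365Pinned: { command: "npx", args: ["-y", "@softeria/ms-365-mcp-server@1.0.0"] },
    // not an npx launch: ignored by this check
    local: { command: "node", args: ["./vendored/ms-365-mcp-server/index.js"] },
  },
};

console.log(JSON.stringify(findUnpinnedServers(SAMPLE_CONFIG), null, 2));
```

An exact pin makes the launch reproducible and reviewable, but it is not an integrity check: `npx -y` outside a project has no lockfile to verify against. Declaring the package in `package.json` and committing `package-lock.json` gives `npm ci` an integrity hash to enforce, which is the stronger form of the recommendation above.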

What this means

Installing and authorizing this skill could let the agent or underlying MCP server read or modify significant Microsoft 365 account and organization data.

Why it was flagged

The documented Microsoft Graph permissions include broad delegated read/write and organization scopes, including mail, files, tasks, Teams messaging, and SharePoint access.

Skill content
`Mail.ReadWrite` ... `Files.ReadWrite` ... `Tasks.ReadWrite` ... `Chat.ReadWrite` ... `Sites.Read.All` ... `ChannelMessage.Send`
Recommendation

Use the minimum Graph scopes needed, avoid organization-mode permissions unless required, and prefer read-only mode for routine browsing.

Concern (Medium Confidence)
ASI02: Tool Misuse and Exploitation
What this means

An agent could create tasks or calendar entries, and the more powerful documented tools could take higher-impact actions, without a consistently documented confirmation step.

Why it was flagged

The skill includes mutating account actions, but only email sending has an explicit confirmation requirement; approval boundaries for other write operations are less clear.

Skill content
`mail send` ... `calendar create` ... `tasks create` ... `When sending email, confirm recipient and content before sending`
Recommendation

Require explicit user confirmation for every write, delete, upload, posting, or calendar/task mutation, and document safe defaults.
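Two of the recommendations on this page, the least-privilege scope selection from the permissions finding and the confirmation requirement for every mutating action just above, as an added example that is not part of the skill, the MCP server, or ClawScan. `minimizeScopes()` takes the documented Graph delegated scopes and proposes the read-only subset, listing organization-wide and send scopes for separate justification; `gateToolCall()` is a fail-closed gate over an MCP `tools/call` request that lets only allow-listed read-only tools through without a prompt. The tool names in `READ_ONLY_TOOLS` and the requests in `SAMPLE_REQUESTS` are constructed for this example; the real server's tool names may differ.

```javascript
// Added example (not part of the skill, the MCP server, or ClawScan): two
// policy checks a client could run around this skill. minimizeScopes()
// proposes the read-only subset of a Graph delegated-scope list, and
// gateToolCall() decides whether an MCP "tools/call" request needs explicit
// user confirmation before it is forwarded. The tool names in READ_ONLY_TOOLS
// and the requests in SAMPLE_REQUESTS are constructed for this example; the
// real server's tool names may differ.

// Graph delegated scopes follow "<Resource>.<Action>[.All]": Action is Read,
// ReadWrite, Write or a verb such as Send; a trailing ".All" means
// organization-wide rather than the signed-in user's own data.
function classifyScope(scope) {
  const parts = scope.split(".");
  const orgWide = parts.length > 2 && parts[parts.length - 1] === "All";
  const action = parts[parts.length - (orgWide ? 2 : 1)];
  const kind = action === "Read" ? "read"
    : ["ReadWrite", "Write", "Send"].includes(action) ? "write"
    : "unknown";                          // e.g. offline_access: fail closed
  // Read-only equivalent for a ReadWrite scope: Mail.ReadWrite -> Mail.Read,
  // Sites.ReadWrite.All -> Sites.Read.All. Other write scopes have none.
  const resource = parts.slice(0, parts.length - (orgWide ? 2 : 1));
  const readOnly = action === "ReadWrite"
    ? [...resource, "Read", ...(orgWide ? ["All"] : [])].join(".")
    : null;
  return { scope, kind, orgWide, readOnly };
}

// Least-privilege proposal: keep per-user read scopes, downgrade per-user
// ReadWrite to Read, and list everything else (organization-wide, send/write
// without a read form, unrecognised) for explicit justification.
function minimizeScopes(requested) {
  const readOnly = new Set();
  const review = [];
  for (const s of requested) {
    const c = classifyScope(s);
    if (c.orgWide) review.push({ scope: s, reason: "organization-wide (.All)" });
    else if (c.kind === "read") readOnly.add(s);
    else if (c.readOnly) readOnly.add(c.readOnly);
    else review.push({ scope: s, reason: c.kind === "write" ? "write/send scope with no read-only form" : "unrecognised scope" });
  }
  return { readOnly: [...readOnly], review };
}

// Fail-closed tool gate: only tools on an explicit read-only allow-list pass
// without a prompt; every other tools/call must carry the user's approval
// for that exact request id. Matching verbs like "send"/"create" in the name
// would be the permissive alternative and is deliberately not used.
const READ_ONLY_TOOLS = new Set([
  "list-mail-messages", "get-mail-message", "list-calendar-events",
  "list-todo-tasks", "search-files",
]);

function gateToolCall(request, approvedIds = new Set()) {
  if (request.method !== "tools/call") return { decision: "allow", reason: "not a tool call" };
  const name = request.params?.name;
  if (typeof name !== "string") return { decision: "deny", reason: "malformed tools/call: missing tool name" };
  if (READ_ONLY_TOOLS.has(name)) return { decision: "allow", reason: "allow-listed read-only tool" };
  if (approvedIds.has(request.id)) return { decision: "allow", reason: "user confirmed request " + request.id };
  return {
    decision: "confirm",
    reason: `"${name}" is not on the read-only allow-list`,
    // what to show the user before they approve: the tool and its arguments
    prompt: `${name} ${JSON.stringify(request.params.arguments ?? {})}`,
  };
}

// Constructed JSON-RPC requests in the shape of MCP tools/call messages.
const SAMPLE_REQUESTS = {
  list: { jsonrpc: "2.0", id: 1, method: "tools/call", params: { name: "list-mail-messages", arguments: { top: 10 } } },
  send: { jsonrpc: "2.0", id: 2, method: "tools/call", params: { name: "send-mail", arguments: { to: "alice@example.com", subject: "Q2 report" } } },
  task: { jsonrpc: "2.0", id: 3, method: "tools/call", params: { name: "create-todo-task", arguments: { title: "Follow up" } } },
};

// The scopes quoted in the permissions finding on this page.
const DOCUMENTED_SCOPES = ["Mail.ReadWrite", "Files.ReadWrite", "Tasks.ReadWrite", "Chat.ReadWrite", "Sites.Read.All", "ChannelMessage.Send"];

console.log(minimizeScopes(DOCUMENTED_SCOPES));
for (const r of Object.values(SAMPLE_REQUESTS)) console.log(r.params.name, gateToolCall(r).decision);
```

In a real deployment the allow-list should be built from the server's actual `tools/list` response after reviewing each tool's description, and the gate should sit in the client between the agent and the MCP subprocess so a confirmation cannot be skipped by the model. Approval is keyed to a request id rather than a tool name, so confirming one send does not silently approve the next.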

What this means

Email, calendar, contacts, file metadata, and task data may be visible to the MCP server process used by the skill.

Why it was flagged

Microsoft 365 data is routed through an MCP subprocess provided by an external package, which is expected for this integration but is an additional data boundary.

Skill content
"method": "tools/call" ... ["npx", "-y", "@softeria/ms-365-mcp-server"]
Recommendation

The MCP server sits inside your trust boundary: review its source and configuration as you would any trusted infrastructure, and do not use it against sensitive tenants unless that use has been approved.