Microsoft 365 Integration
Pass. Audited by VirusTotal on May 13, 2026.
Overview
Type: OpenClaw Skill
Name: ms365
Version: 1.0.0

The skill is classified as suspicious because it relies on `npx -y @softeria/ms-365-mcp-server`, invoked from `ms365_cli.py` and documented in `README.md`. This is central to the skill's stated purpose of integrating with Microsoft 365, but `npx -y` downloads and executes an external Node.js package at run time without prompting, which is a significant supply chain risk. The skill also requires broad Microsoft Graph API permissions (e.g., `Mail.ReadWrite`, `Files.ReadWrite`, `Chat.ReadWrite`, `Sites.Read.All`), as detailed in `README.md`. These are necessary for its functionality, but they make the skill a high-impact target if the external dependency were compromised or malicious. There is no direct evidence of intentional malicious behavior in the provided files, nor any prompt injection attempts to subvert the agent toward harmful objectives.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Impact: A changed or compromised npm package would run with the user's privileges and could read or modify Microsoft 365 data and the tokens the server holds.
Detail: The skill executes an unpinned third-party npm package at runtime; that package performs the Microsoft 365 operations and handles the credentials and account data.
Evidence: `["npx", "-y", "@softeria/ms-365-mcp-server"]`
Recommendation: Pin an exact package version (a range or dist-tag still resolves to whatever is currently published), declare the dependency in the install spec, and review the package's provenance before granting Microsoft account access.
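The check below is an added example for this report, not code from the ms365 skill, ClawScan, or the @softeria/ms-365-mcp-server project. It inspects the argv that launches an MCP server and reports any npm package that `npx` would resolve at run time instead of at install time, then rewrites the spec to an exact pin. The version `1.2.3` in the usage block is a placeholder, not a known release of the package.

```python
"""Check an MCP server launch spec for unpinned npx packages.

Added example for this report, not code from the ms365 skill or ClawScan.
It inspects the argv that launches the server and reports any npm package
that npx would resolve to the latest published version at run time.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# npm package spec: optional @scope/, package name, optional @version.
PKG_RE = re.compile(r"^(?P<name>(?:@[\w.-]+/)?[\w.-]+)(?:@(?P<version>.+))?$")
# Exact semver only; ranges (^1.2.0), tags (latest) and a missing version are not pins.
EXACT_VERSION_RE = re.compile(r"^\d+\.\d+\.\d+(?:-[\w.]+)?$")


@dataclass
class NpxFinding:
    package: str
    version: Optional[str]
    auto_install: bool  # -y / --yes: npx installs without prompting
    pinned: bool        # exact version, so the install is at least reproducible


def check_npx_spec(argv: List[str]) -> List[NpxFinding]:
    """Return a finding for the package an `npx` argv would execute, if any.

    Simplification: every argument starting with '-' is treated as a bare
    flag, so a flag that takes a separate value is not handled here.
    """
    if not argv or argv[0] != "npx":
        return []
    auto_install = any(a in ("-y", "--yes") for a in argv[1:])
    for arg in argv[1:]:
        if arg.startswith("-"):
            continue  # npx flag, not a package
        m = PKG_RE.match(arg)
        if not m:
            return []
        version = m.group("version")
        pinned = version is not None and EXACT_VERSION_RE.match(version) is not None
        # npx runs the first positional; anything after it is the server's own args
        return [NpxFinding(m.group("name"), version, auto_install, pinned)]
    return []


def pin_argv(argv: List[str], version: str) -> List[str]:
    """Rewrite the package positional to an exact version pin."""
    out = list(argv)
    for i, arg in enumerate(out[1:], start=1):
        if arg.startswith("-"):
            continue
        m = PKG_RE.match(arg)
        if m:
            out[i] = f"{m.group('name')}@{version}"
            break
    return out


if __name__ == "__main__":
    # The exact command the report quotes from ms365_cli.py.
    spec = ["npx", "-y", "@softeria/ms-365-mcp-server"]
    for finding in check_npx_spec(spec):
        print(finding)
    # "1.2.3" is a placeholder: look up and review the real release before pinning.
    print(pin_argv(spec, "1.2.3"))
```

Pinning fixes which version runs, not whether that version is trustworthy; the install spec should still carry the dependency (with a lockfile where the tooling supports one) and the pinned release should be reviewed before the skill is granted Graph access.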
Impact: Installing and authorizing this skill lets the agent, and the underlying MCP server, read or modify a large share of the user's Microsoft 365 account data and, with organization-mode scopes, tenant-wide data.
Detail: The documented Microsoft Graph permissions are broad delegated read/write scopes plus organization-wide scopes, covering mail, files, tasks, Teams messaging, and SharePoint.
Evidence: `Mail.ReadWrite` ... `Files.ReadWrite` ... `Tasks.ReadWrite` ... `Chat.ReadWrite` ... `Sites.Read.All` ... `ChannelMessage.Send`
Recommendation: Grant only the Graph scopes the intended use needs, avoid organization-mode (`.All`) permissions unless required, and prefer read-only mode for routine browsing.
Impact: The agent can create tasks and calendar entries, and the broader documented tools can take more consequential actions, without consistently documented confirmation steps.
Detail: The skill includes mutating account actions, but only email sending carries an explicit confirmation requirement; approval boundaries for the other write operations are not documented.
Evidence: `mail send` ... `calendar create` ... `tasks create` ... `When sending email, confirm recipient and content before sending`
Recommendation: Require explicit user confirmation for every write, delete, upload, post, or calendar/task mutation, and document the safe defaults.
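The gate below is an added example for the two findings above (scope minimization and confirmation of writes); it is not code from the ms365 skill or from @softeria/ms-365-mcp-server. It sits between the agent and the MCP server, classifies each `tools/call` request by the verb in its tool name, blocks writes outright in read-only mode, and otherwise forwards a write only after the user has confirmed the exact arguments. The tool names are the CLI-style names the report quotes (`mail send`, `calendar create`, `tasks create`); `mail list` is a hypothetical read tool, the JSON-RPC samples are constructed, and the real server's tool names may differ.

```python
"""Confirmation gate and scope narrowing for a Microsoft 365 MCP integration.

Added example for this report, not code from the ms365 skill or from
@softeria/ms-365-mcp-server. Tool names are the CLI-style names the report
quotes (mail send, calendar create, tasks create); "mail list" is a
hypothetical read tool, and the real server's tool names may differ.
"""
import json
from typing import Callable, Dict, List

# Verbs that mutate account data; any tool whose name carries one needs confirmation.
MUTATING_VERBS = {"send", "create", "update", "delete", "upload", "post", "reply", "move"}

# Delegated scopes from the report and the read-only scope each narrows to.
READ_ONLY_SCOPES = {
    "Mail.ReadWrite": "Mail.Read",
    "Files.ReadWrite": "Files.Read",
    "Tasks.ReadWrite": "Tasks.Read",
    "Chat.ReadWrite": "Chat.Read",
}


def minimal_scopes(requested: List[str], read_only: bool = False) -> Dict[str, List[str]]:
    """Narrow a scope list: set organization-wide (.All) scopes aside and, in
    read-only mode, downgrade ReadWrite scopes and drop write-only ones."""
    scopes, org_wide, dropped = [], [], []
    for s in requested:
        if s.endswith(".All"):
            org_wide.append(s)  # organization-wide; grant only with explicit approval
        elif not read_only:
            scopes.append(s)
        elif s in READ_ONLY_SCOPES:
            scopes.append(READ_ONLY_SCOPES[s])
        elif ".Read" in s:
            scopes.append(s)
        else:
            dropped.append(s)  # write-only, e.g. ChannelMessage.Send
    return {"scopes": scopes, "org_wide": org_wide, "dropped": dropped}


def is_mutating(tool_name: str) -> bool:
    """True when any word of the tool name ("mail send", "tasks_create") is a write verb."""
    words = tool_name.replace("_", " ").replace("-", " ").lower().split()
    return any(w in MUTATING_VERBS for w in words)


class ToolCallGate:
    """Decides what to do with each JSON-RPC request before it reaches the MCP server."""

    def __init__(self, confirm: Callable[[str, dict], bool], read_only: bool = False):
        self.confirm = confirm      # must show the user the tool name and full arguments
        self.read_only = read_only

    def decide(self, request_json: str) -> str:
        req = json.loads(request_json)
        if req.get("method") != "tools/call":
            return "forward"  # initialize, tools/list, etc.
        params = req.get("params", {})
        name = params.get("name", "")
        if not is_mutating(name):
            return "forward"
        if self.read_only:
            return "deny:read-only"
        # The user confirms the exact recipient/body/path, not a summary of it.
        if self.confirm(name, params.get("arguments", {})):
            return "forward"
        return "deny:unconfirmed"


# Constructed sample requests (not captures from the skill).
SAMPLE_SEND = json.dumps({
    "jsonrpc": "2.0", "id": 7, "method": "tools/call",
    "params": {"name": "mail send",
               "arguments": {"to": "cfo@example.com", "subject": "Invoice", "body": "..."}},
})
SAMPLE_LIST = json.dumps({
    "jsonrpc": "2.0", "id": 8, "method": "tools/call",
    "params": {"name": "mail list", "arguments": {"top": 10}},
})

if __name__ == "__main__":
    gate = ToolCallGate(confirm=lambda name, args: input(f"{name} {args} [y/N] ") == "y")
    print(gate.decide(SAMPLE_LIST))
    print(gate.decide(SAMPLE_SEND))
    print(minimal_scopes(["Mail.ReadWrite", "Sites.Read.All", "ChannelMessage.Send"], read_only=True))
```

The verb list is a deny-by-name heuristic; a tool whose name hides a write behind a neutral verb would slip through, so the list should be checked against the server's actual `tools/list` output rather than trusted blindly.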
Impact: Email, calendar, contacts, file metadata, and task data are visible to the MCP server process the skill launches.
Detail: Microsoft 365 data is routed through an MCP subprocess supplied by an external package. That is expected for this kind of integration, but it adds a data boundary beyond the agent itself.
Evidence: `"method": "tools/call"` ... `["npx", "-y", "@softeria/ms-365-mcp-server"]`
Recommendation: The MCP server sits inside the trust boundary, so review its source and configuration as you would any trusted infrastructure, and do not use it against sensitive tenants without approval.
