Install
openclaw skills install @danielithomas/officeclawConnect to personal Microsoft accounts via Microsoft Graph API to manage email, calendar events, and tasks. Use this skill when the user needs to read/write Outlook mail, manage calendar appointments, or handle Microsoft To Do tasks.
openclaw skills install @danielithomas/officeclawConnect your OpenClaw agent to personal Microsoft accounts (Outlook.com, Hotmail, Live) to manage email, calendar, and tasks through the Microsoft Graph API.
Install from PyPI:
pip install officeclaw
Or with uv:
uv pip install officeclaw
Verify installation:
officeclaw --version
Quick start: OfficeClaw ships with a default app registration — just run
officeclaw auth loginand go. No Azure setup needed.Advanced: Want full control? Create your own Azure App Registration (free, ~5 minutes) and set
OFFICECLAW_CLIENT_IDin your.env. See Microsoft's guide or follow the steps below.
officeclaw (or anything you like)OFFICECLAW_CLIENT_IDRead-only (safest):
Mail.Read, Calendars.Read, Tasks.ReadWrite*Full access (all features including send/delete):
Mail.Read, Mail.ReadWrite, Mail.SendCalendars.Read, Calendars.ReadWriteTasks.ReadWrite*Tasks.ReadWrite is the minimum available scope for Microsoft To Do — there is no read-only option.
Least privilege: Only grant the permissions you actually need. If you only want to read emails and calendar, skip
Mail.ReadWrite,Mail.Send, andCalendars.ReadWrite. OfficeClaw will gracefully error on commands that require missing permissions.
Create a .env file in your skill directory:
OFFICECLAW_CLIENT_ID=your-client-id-here
# Capability gates (disabled by default for safety)
# OFFICECLAW_ENABLE_SEND=true # Allow sending/replying/forwarding emails
# OFFICECLAW_ENABLE_DELETE=true # Allow deleting emails, events, and tasks
# Recipient allowlist — STRONGLY RECOMMENDED when sending is enabled
# OFFICECLAW_ALLOWED_RECIPIENTS=user1@example.com,user2@example.com
No client secret needed for device code flow. Write operations (send, delete) are disabled by default — enable only what you need.
⚠️ Recipient Allowlist (v1.0.4+): If you enable sending, configure
OFFICECLAW_ALLOWED_RECIPIENTSto restrict which addresses can receive email. This is especially critical for AI agent workflows — the allowlist provides a hard, code-level boundary that prevents sending to unauthorized addresses regardless of what the agent is instructed to do. Blocked attempts are logged for auditing.
officeclaw auth login
This displays a URL and code. Open the URL in a browser, enter the code, and sign in with your Microsoft account. Tokens are stored securely in ~/.officeclaw/token_cache.json (permissions 600).
Activate this skill when the user needs to:
officeclaw auth login # Authenticate via device code flow
officeclaw auth status # Check authentication status
officeclaw auth logout # Clear stored tokens
officeclaw mail list --limit 10 # List recent messages
officeclaw mail list --unread # List unread messages only
officeclaw mail get <message-id> # Get specific message
officeclaw mail send --to user@example.com --subject "Hello" --body "Message text"
officeclaw mail send --to user@example.com --subject "Report" --body "Attached" --attachment report.pdf
officeclaw mail search --query "from:boss@example.com"
officeclaw mail archive <message-id> # Archive a message
officeclaw mail mark-read <message-id> # Mark as read
officeclaw --json mail list # JSON output for parsing
officeclaw calendar list --start 2026-02-01 --end 2026-02-28
officeclaw calendar create \
--subject "Team Meeting" \
--start "2026-02-15T10:00:00" \
--end "2026-02-15T11:00:00" \
--location "Conference Room"
officeclaw calendar get <event-id>
officeclaw calendar update <event-id> --subject "Updated Meeting"
officeclaw calendar delete <event-id>
officeclaw --json calendar list --start 2026-02-01 --end 2026-02-28
officeclaw tasks list-lists # List task lists
officeclaw tasks list --list-id <list-id> # List tasks
officeclaw tasks list --list-id <list-id> --status active # Active tasks only
officeclaw tasks create --list-id <list-id> --title "Complete report" --due-date "2026-02-20"
officeclaw tasks complete --list-id <list-id> --task-id <task-id>
officeclaw tasks reopen --list-id <list-id> --task-id <task-id>
Use --json flag for structured JSON output:
officeclaw --json mail list
Returns:
{
"status": "success",
"data": [
{
"id": "AAMkADEzN...",
"subject": "Meeting Notes",
"from": {"emailAddress": {"address": "sender@example.com"}},
"receivedDateTime": "2026-02-12T10:30:00Z",
"isRead": false
}
]
}
Common errors and solutions:
| Error | Cause | Solution |
|---|---|---|
AuthenticationError | Not logged in or token expired | Run officeclaw auth login |
AccessDenied | Missing permissions | Re-authenticate with required scopes |
ResourceNotFound | Invalid ID | Verify the ID exists |
RateLimitError | Too many API calls | Wait 60 seconds and retry |
When using this skill:
--json flagOFFICECLAW_ENABLE_SEND and OFFICECLAW_ENABLE_DELETE environment variables. This prevents accidental or unauthorised write actions.OFFICECLAW_ALLOWED_RECIPIENTS is set, outbound email is restricted to listed addresses only. Blocked attempts are logged to email-blocked.log and an email-alert.json alert file is written for monitoring. If not set, a runtime warning is displayed on each send. Strongly recommended for any AI agent deployment.~/.officeclaw/token_cache.json with 600 file permissionsIf the skill isn't working:
officeclaw auth statusofficeclaw auth logingraph.microsoft.com is reachableOFFICECLAW_CLIENT_ID is set in .env