ClawHub

Exchange Skills

v1.0.2

Full email, calendar, contacts, tasks, and notes management for Microsoft Exchange/Outlook. Use when Claude needs to list unread emails, read email content,...

0· 104·0 current·0 all-time
byDerek Hsu@derekhsu
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (Exchange mail/calendar/contacts/tasks/notes) align with required environment variables (EXCHANGE_SERVER, EXCHANGE_EMAIL, EXCHANGE_USERNAME, EXCHANGE_PASSWORD) and the included Python script which uses exchangelib to talk to an Exchange server.
Instruction Scope
SKILL.md and the script limit actions to fetching/reading/replying/marking/archiving emails and listing calendar/contacts/tasks/notes via Exchange. The script loads a local .env in its script directory and reads only Exchange-related environment variables; it does not reference or transmit data to other external endpoints beyond the Exchange server.
Install Mechanism
This is an instruction+code skill with no install spec. The script requires the third‑party Python package exchangelib (pip). Because there is no automated install step, the user/agent must install dependencies manually; ensure exchangelib is installed from a trusted source (PyPI) before use.
Credentials
Requested environment variables (server, email, username, password) are expected for Exchange access and the primary credential is EXCHANGE_PASSWORD. Minor metadata inconsistency: SKILL.md references EXCHANGE_DISABLE_SSL_VERIFY as an optional variable but the registry metadata's optional_env only lists EXCHANGE_DOMAIN; this is a small documentation mismatch but not a behavioral red flag.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or system-wide settings. It reads a .env file from its own script directory but does not write persistent secrets or change agent configuration.
Assessment
This skill appears to be a legitimate Exchange CLI client, but it requires your Exchange credentials (including password) to run. Before installing: (1) verify and trust the skill source/author; (2) prefer using a restricted or app-specific account rather than your primary mailbox password; (3) store credentials in a secure secrets manager or an environment isolated to this skill rather than a global shell profile; (4) note there is no automated install for Python dependencies—install exchangelib from PyPI and inspect it if needed; (5) avoid setting EXCHANGE_DISABLE_SSL_VERIFY unless you understand the implications; and (6) review the script if you need absolute assurance there is no unexpected network exfiltration. If you cannot trust the publisher, do not supply real credentials.

Like a lobster shell, security has layers — review code before you run it.

latestvk973yept1wx5trrz5fzmhr83d18338he

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

EnvEXCHANGE_SERVER, EXCHANGE_EMAIL, EXCHANGE_USERNAME, EXCHANGE_PASSWORD
Primary envEXCHANGE_PASSWORD

Comments