Microsoft 365 Email & Calendar

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Microsoft 365 mail and calendar CLI, but it requires powerful Microsoft Graph permissions and stores reusable OAuth tokens locally.

Install only if you are comfortable granting this skill access to read mail, send mail, read/write calendar data, read basic profile identity, and keep refreshable Microsoft tokens on disk. Use it on a trusted machine, confirm before any mail-sending or calendar-changing command, and revoke the Microsoft app or delete the saved token files if you stop using it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue Agent: Self-Modification, Session Persistence
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 92%
Finding: The skill documentation declares runtime requirements for environment variables and clearly implies outbound Microsoft Graph API access, but it does not declare explicit permissions for those capabilities. Missing permission declarations weaken user awareness and policy enforcement, making it easier for a skill to access sensitive account data or transmit it over the network without transparent consent boundaries.

Description-Behavior Mismatch

Medium
Confidence: 92%
Finding: The skill requests the OAuth scopes `User.Read Mail.Read Mail.Send Calendars.ReadWrite offline_access`, which is broader than a narrowly described email-and-calendar CLI would typically need. Overbroad OAuth scopes violate least privilege and increase blast radius if tokens are stolen, misused, or the skill behaves unexpectedly, especially because `offline_access` enables long-lived refresh capability.

Context-Inappropriate Capability

Medium
Confidence: 89%
Finding: Requesting `User.Read` grants access to user profile information that is not clearly necessary for the stated email/calendar functionality shown in this file. While common in Microsoft Graph integrations, unnecessary profile scope still expands accessible data and can expose additional personal information if the token is compromised or reused.

Session Persistence

Medium
Category: Rogue Agent
Content:
- Send: `node index.js --account work mail send --to a@b.com --subject "Hi" --body "Hello"`
- Search: `node index.js --account work mail search "invoice"`
- Calendar: `node index.js --account work calendar --from 2026-04-14T00:00:00Z --to 2026-04-14T23:59:59Z`
- Create event: `node index.js --account work calendar-create --subject "Meeting" --start 2026-04-15T10:00 --end 2026-04-15T11:00`

## Multi-account
Use `--account <name>` to switch. Each account has separate tokens stored in `~/.openclaw/credentials/`.
Confidence: 82%

VirusTotal

61/61 vendors reported this skill as clean.
