Clippy - Microsoft 365 CLI
Security checks across malware telemetry and agentic risk
Overview
The skill’s Outlook purpose is clear, but it deserves review because it relies on a logged-in Microsoft 365 browser session with broad mail/calendar authority and an external CLI that was not included for scanning.
Before installing, review the external clippy repository and understand that this tool can operate through your logged-in Microsoft 365 browser session. Use it only if you trust the CLI, confirm any email-sending or calendar-deleting actions, and be cautious with the keepalive service because it can keep your account session active in the background.
VirusTotal
64/64 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If misused or compromised, the CLI could act as the signed-in Microsoft 365 user, including reading mail, sending messages, changing calendar events, and accessing organizational people/room data.
This indicates the CLI uses a logged-in Microsoft 365 browser session rather than provider-scoped API permissions, giving it broad account-level authority for mail and calendar operations.
Works through the M365 web UI via browser automation (Playwright), not the Graph API. No Azure AD app registration required - just log in with your browser.
Use only with a Microsoft 365 account you are comfortable granting broad Outlook access to; review the external CLI source before installing, use a separate profile if possible, and log out or clear the profile when no longer needed.
An agent using this skill could send or forward email, reply-all, move messages, and delete or modify calendar events.
The documented CLI commands include outward-facing and mutating actions in the user's Outlook account. These are purpose-aligned, but high-impact if invoked incorrectly.
clippy delete-event 1 ... clippy send --to "recipient@example.com" ... clippy mail --reply-all <number> ... clippy mail --forward <number>
Require clear user confirmation for sends, reply-all/forward actions, event deletion, and other account-changing operations.
A background keepalive could keep the Microsoft 365 session active longer than expected, increasing exposure if the local machine, profile directory, or CLI is compromised.
The skill documents an optional persistent keepalive process that refreshes the authenticated browser session. It is disclosed and user-directed, but it extends the lifetime of account access.
clippy keepalive --interval 10 ... For persistent operation, set up as a launchd service (macOS) or systemd (Linux).
Only enable keepalive if needed; monitor and stop the service when not in use, and protect or remove the configured profile directory.
The safety of the installed CLI depends on the external repository and its dependencies, which were not included in the artifact scan.
Installation depends on cloning and running an external GitHub project, while the submitted skill contains only instructions and no code for static review.
git clone https://github.com/foeken/clippy.git
cd clippy && bun install
bun run src/cli.ts --help
Inspect the repository, dependency files, and install scripts before running bun install or linking the CLI globally.
