Clippy - Microsoft 365 CLI

Suspicious. Audited by ClawScan on May 10, 2026.

Overview

This skill is purpose-aligned, but it should be reviewed because it uses a full Microsoft 365 browser session, can modify email and calendar data, and recommends persistent keepalive.

Review carefully before installing. This may be useful, but only grant it access to Microsoft 365 if you trust the upstream Clippy code, understand the browser profile/session storage, and are comfortable with a persistent background process. Confirm high-impact actions such as sending email or deleting meetings before running them.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If installed and used, the tool can operate with the same Microsoft 365 access as the logged-in user, including sensitive mail and calendar actions.

Why it was flagged

The skill relies on the user's authenticated Microsoft 365 browser session rather than a scoped app permission model (such as Graph API permissions granted to a registered app), so it holds the full mailbox and calendar authority of the signed-in user, with nothing to narrow or audit that access separately.

Skill content
Works through the M365 web UI via browser automation (Playwright), not the Graph API. No Azure AD app registration required - just log in with your browser.
Recommendation

Only use it if you trust the upstream code; use a dedicated browser profile and, where possible, a dedicated account; find out where the Playwright profile and its session cookies are stored on disk and who can read them; and confirm how to log out and how to revoke the session from the account's sign-in settings if the machine or profile is compromised.

Concern, High Confidence
ASI10: Rogue Agents
What this means

An authenticated Microsoft 365 session may remain active in the background, increasing exposure if the local machine, profile directory, or process is compromised.

Why it was flagged

The SKILL recommends a background keepalive service that maintains an authenticated browser session beyond a single user request.

Skill content
Keep a browser session alive to prevent token expiry ... For persistent operation, set up as a launchd service (macOS) or systemd (Linux).
Recommendation

Avoid a persistent keepalive unless it is genuinely needed; if enabled, make start and stop explicit (do not let it auto-start at login unless that is intended), monitor the process, and provide a clear cleanup procedure that logs the session out and removes the stored browser profile.
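Both findings above come down to an authenticated session that lives on local disk and in a long-running process. The following shell function, added here as an example and not part of the skill or the Clippy project, checks that the browser profile directory holding that session is private to the current user: owned by them, with no group or other permission bits on the directory, and no group- or other-accessible file inside it. The profile path itself is an assumption, since the skill text does not say where Playwright stores it; pass the directory the upstream README documents, and run the check after any keepalive service has been set up.

```shell
#!/usr/bin/env sh
# Added example, not part of the Clippy skill or project.
# check_profile_dir <dir>
#   Verifies that a browser profile directory (where Playwright keeps the
#   authenticated Microsoft 365 session) is private to the current user:
#   - exists and is owned by the invoking user
#   - directory mode grants nothing to group or others (e.g. 700)
#   - no file or subdirectory inside is group- or other-accessible
#   Returns 0 when all checks pass, 1 on a permission problem, 2 if the
#   directory does not exist. Problems are printed to stderr.
# The location of the profile directory is NOT given on the audited page;
# pass the path documented by the upstream README.
check_profile_dir() {
  dir="$1"
  if [ ! -d "$dir" ]; then
    echo "no such directory: $dir" >&2
    return 2
  fi
  # GNU stat (-c) first, BSD/macOS stat (-f) as a fallback
  owner="$(stat -c %U "$dir" 2>/dev/null || stat -f %Su "$dir")"
  mode="$(stat -c %a "$dir" 2>/dev/null || stat -f %Lp "$dir")"
  status=0
  if [ "$owner" != "$(id -un)" ]; then
    echo "$dir is owned by $owner, not by $(id -un)" >&2
    status=1
  fi
  # the last two octal digits are the group and other permission bits
  case "$mode" in
    *00) ;;
    *) echo "$dir has mode $mode; group/other bits must be 0 (chmod 700)" >&2
       status=1 ;;
  esac
  # any entry below the profile that group or others can read, write or execute
  exposed="$(find "$dir" -mindepth 1 \( -perm -g+r -o -perm -g+w -o -perm -g+x \
            -o -perm -o+r -o -perm -o+w -o -perm -o+x \) 2>/dev/null)"
  if [ -n "$exposed" ]; then
    echo "entries readable/writable by group or others:" >&2
    echo "$exposed" >&2
    status=1
  fi
  return "$status"
}

# Usage (the path is an assumption; substitute the one from the upstream README):
#   check_profile_dir "$HOME/.clippy/browser-profile"
```

A clean result only says that other local users cannot read the session cookies; it says nothing about malware running as you, which is why the recommendation above still asks for a logout and profile removal procedure.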

What this means

Users must trust external code that was not included in this review before granting it access to a Microsoft 365 browser session.

Why it was flagged

The executable code is fetched from an external repository during setup and is not pinned to a reviewed release or commit in the supplied artifacts.

Skill content
git clone https://github.com/foeken/clippy.git
cd clippy && bun install
Recommendation

Inspect the upstream repository, pin a known commit or release, and prefer a reviewed installer or package before using it with a work account.
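One way to act on the recommendation above, as an added example that is not the skill's or the Clippy project's own code: clone at a reviewed commit and refuse to install unless the checkout actually matches it. The repository URL is the one from the skill content; the pin is a placeholder to be replaced with the full sha of the commit you reviewed, and CLIPPY_REPO, CLIPPY_PIN, clone_pinned and install_pinned are names introduced here.

```shell
#!/usr/bin/env sh
# Added example, not part of the Clippy skill or project.
# Fetch the upstream source at a reviewed commit instead of whatever HEAD
# happens to be, and refuse to continue unless the checkout matches.
# The pin below is a PLACEHOLDER (not a real Clippy commit): replace it with
# the full sha of the commit you actually reviewed.
CLIPPY_REPO="${CLIPPY_REPO:-https://github.com/foeken/clippy.git}"
CLIPPY_PIN="${CLIPPY_PIN:-0000000000000000000000000000000000000000}"

# clone_pinned <repo-url> <full-commit-sha> <dest-dir>
#   Clones without checking out, checks out exactly <sha>, and verifies that
#   HEAD is that sha. Prints the verified sha on success.
#   Returns 2 for a malformed pin, 1 if the clone or checkout does not match.
clone_pinned() {
  repo="$1"; pin="$2"; dest="$3"
  # Only a full 40-hex sha is accepted: a branch or tag name can be moved
  # upstream after review, and an abbreviated sha can become ambiguous.
  if ! printf '%s\n' "$pin" | grep -Eq '^[0-9a-f]{40}$'; then
    echo "pin must be a full 40-character commit sha, got: $pin" >&2
    return 2
  fi
  git clone --quiet --no-checkout "$repo" "$dest" || return 1
  git -C "$dest" -c advice.detachedHead=false checkout --quiet "$pin"
  head="$(git -C "$dest" rev-parse HEAD 2>/dev/null)"
  if [ "$head" != "$pin" ]; then
    echo "HEAD is $head, expected $pin; refusing to install" >&2
    return 1
  fi
  printf '%s\n' "$head"
}

# install_pinned <dest-dir>
#   Runs the skill's own install step (bun install) against a verified
#   checkout, with the lockfile frozen so dependency resolution cannot drift
#   from what was reviewed. Not run automatically by this file.
install_pinned() {
  clone_pinned "$CLIPPY_REPO" "$CLIPPY_PIN" "$1" >/dev/null || return 1
  (cd "$1" && bun install --frozen-lockfile)
}
```

Pinning the commit only fixes the Clippy source; the packages bun fetches are still resolved from the registry, which is why the lockfile is frozen and why the lockfile itself belongs in the review.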

What this means

A mistaken invocation could send email, reply to recipients, delete or change meetings, or alter mailbox state.

Why it was flagged

These account-mutating commands are expected of an Outlook CLI, but each one can send a message or change calendar or mailbox state, so a wrong argument or a misread instruction has effects that cannot be undone by the tool itself.

Skill content
clippy delete-event 1 ... clippy send ... --to "recipient@example.com" ... clippy mail --reply-all <number>
Recommendation

Require explicit user confirmation for sending, replying, forwarding, deleting, or moving items.
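The confirmation the recommendation asks for can be enforced outside the tool with a thin wrapper. The following is an added example, not code from the skill or the Clippy project: it recognises the mutating invocations the audit shows (send, delete-event, mail --reply-all), prints the exact command and requires a typed yes before running it, and passes everything else through unchanged. CLIPPY_BIN, is_mutating and clippy_guarded are names introduced here, and any further reply, forward or move flags the upstream README documents need to be added to the list.

```shell
#!/usr/bin/env sh
# Added example, not part of the Clippy skill or project.
# A wrapper that puts an explicit confirmation in front of the mutating
# commands the audit lists (send, delete-event, mail --reply-all) and passes
# read-only commands straight through. CLIPPY_BIN is an assumption: it lets
# the wrapper target the real binary by full path (or a stand-in for tests).
CLIPPY_BIN="${CLIPPY_BIN:-clippy}"

# is_mutating <clippy args...>
#   Returns 0 if the invocation can send mail or change mailbox/calendar
#   state. Only the commands and flags shown in the audit are listed; extend
#   it with the reply/forward/move flags documented by the upstream README.
is_mutating() {
  case "${1:-}" in
    send|delete-event) return 0 ;;
    mail)
      shift
      for arg in "$@"; do
        case "$arg" in
          --reply-all) return 0 ;;
        esac
      done
      ;;
  esac
  return 1
}

# clippy_guarded <clippy args...>
#   Shows the exact command and requires the literal word "yes" on stdin
#   before running a mutating command; any other answer (or EOF, as when an
#   agent runs it non-interactively) aborts with status 1 and nothing is
#   sent or changed.
clippy_guarded() {
  if is_mutating "$@"; then
    printf 'About to run: %s %s\n' "$CLIPPY_BIN" "$*" >&2
    printf 'This can send mail or change calendar/mailbox state. Type yes to continue: ' >&2
    IFS= read -r answer || answer=""
    if [ "$answer" != "yes" ]; then
      echo "aborted, nothing sent or changed" >&2
      return 1
    fi
  fi
  "$CLIPPY_BIN" "$@"
}

# Usage: put the guard in the way of every invocation, with CLIPPY_BIN set to
# the real binary's full path:
#   CLIPPY_BIN=/usr/local/bin/clippy; alias clippy='clippy_guarded'
```

Because the prompt is answered on stdin, an agent that drives the CLI without a terminal gets EOF and the mutating command is refused, which is the fail-safe direction for the commands listed here.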