Clippy - Microsoft 365 CLI
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: clippy Version: 1.2.0 The skill is classified as suspicious due to two main indicators found in `SKILL.md`. First, the installation instructions include `bun install`, which is a common vector for supply chain attacks as it can execute arbitrary code via `postinstall` scripts. Second, the documentation recommends setting up the `clippy keepalive` command as a `launchd` or `systemd` service for persistent operation. While presented for a functional purpose, this capability could be abused to establish persistence for malicious activities if the underlying `clippy` tool or its dependencies were compromised.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If installed and used, the tool can operate with the same Microsoft 365 access as the logged-in user, including sensitive mail and calendar actions.
This shows the skill relies on the user's authenticated Microsoft 365 browser session rather than a scoped app permission model, giving broad mailbox and calendar authority as the signed-in user.
Works through the M365 web UI via browser automation (Playwright), not the Graph API. No Azure AD app registration required - just login with your browser.
Only use it if you trust the upstream code; consider a dedicated browser profile/account, understand where sessions are stored, and confirm how to log out or revoke access.
An authenticated Microsoft 365 session may remain active in the background, increasing exposure if the local machine, profile directory, or process is compromised.
The SKILL recommends a background keepalive service that maintains an authenticated browser session beyond a single user request.
Keep a browser session alive to prevent token expiry ... For persistent operation, set up as a launchd service (macOS) or systemd (Linux).
Avoid persistent keepalive unless necessary; if enabled, make start/stop behavior explicit, monitor it, and provide a clear cleanup/logout procedure.
Users must trust external code that was not included in this review before granting it access to a Microsoft 365 browser session.
The executable code is fetched from an external repository during setup and is not pinned to a reviewed release or commit in the supplied artifacts.
git clone https://github.com/foeken/clippy.git cd clippy && bun install
Inspect the upstream repository, pin a known commit or release, and prefer a reviewed installer or package before using it with a work account.
A mistaken invocation could send email, reply to recipients, delete or change meetings, or alter mailbox state.
These account-mutating commands are expected for an Outlook CLI, but they can send messages or change calendar/mailbox state.
clippy delete-event 1 ... clippy send ... --to "recipient@example.com" ... clippy mail --reply-all <number>
Require explicit user confirmation for sending, replying, forwarding, deleting, or moving items.