Back to skill

Security audit

Clippy - Microsoft 365 CLI

Security checks across malware telemetry and agentic risk

Overview

The skill fits its Outlook-management purpose, but it deserves review because it can use a signed-in Microsoft 365 browser session to send mail, change calendar data, and keep that session alive persistently.

Install only if you trust the external `clippy` CLI and are comfortable letting an agent operate through your Microsoft 365 browser session. Review the repository and dependencies before running `bun install`, require explicit confirmation before send, reply-all, forward, delete, move, or attachment-download actions, and avoid keepalive as a background service unless you need it and can secure and stop it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill explicitly exposes destructive actions such as deleting events, responding to invitations, moving mail, and sending email, but the description does not warn that these actions can modify organizational data or communicate externally on the user's behalf. In an agent setting, that omission increases the chance of unintended high-consequence actions because a caller may invoke the skill for read-only assistance while the tool is also capable of irreversible changes.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill relies on browser automation against the M365 web UI and recommends a long-lived keepalive session, but it does not warn about the security and privacy implications of maintaining an authenticated browser session. A persistent authenticated profile and health file can increase exposure to session hijacking, unintended mailbox/calendar access, or misuse by other local processes or users if the environment is not properly secured.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.