ClawHub

Outlook Calendar

v1.0.2

读取企业 Microsoft 365 Outlook 日历。当用户问任何涉及日程、会议、安排、工作、任务、事情的问题时触发,例如:今天有什么安排、这周有什么会、本月会议多少小时、明天要做什么、下周有啥工作、这周有什么事、有啥任务等。

0· 1.1k·10 current·10 all-time
by@ilove323
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (read Outlook calendar) match the included scripts: login.py performs an interactive Playwright MFA login and saves cookies; owa_calendar.py extracts a Bearer token from Outlook Web and calls the Outlook Calendar API. Required binary (python3) is appropriate. The skill does not request unrelated cloud credentials or unexpected services.
Instruction Scope
SKILL.md explicitly instructs the user to create ~/.outlook/config.json containing email/password and to run pip install playwright + playwright install chromium, then run login.py and owa_calendar.py. These steps are within scope for a credential-based scraper, but they require storing plaintext credentials and installing browser automation tools — both are sensitive and worth user attention.
Install Mechanism
There is no automated install spec; the README instructs using pip and Playwright to install dependencies and Chromium. That's expected for Playwright-based tooling. No downloads from untrusted personal servers or URL shorteners are present in the repository or scripts.
Credentials
The skill asks users to place their account email/password in ~/.outlook/config.json (not via env vars). Requesting credentials is proportionate to the chosen approach (password+MFA automation), but storing plaintext passwords on disk is sensitive — the skill does not declare any environment variables or use unrelated credentials.
Persistence & Privilege
The skill does not request always:true and has no mechanism to modify other skills or system-wide settings. It will persist cookies/token files under the user's home (~/.outlook), which is expected for caching auth artifacts.
Assessment
This skill appears to do what it claims: it automates a Microsoft 365 login (with MFA) using Playwright, saves cookies/tokens under ~/.outlook, and calls only outlook.office.com/login.microsoftonline.com. Before installing, consider: (1) the skill requires you to store your email/password in plaintext in ~/.outlook/config.json — prefer a dedicated service account or least-privilege account and ensure file permissions restrict access; (2) Playwright will download a Chromium binary (playwright install chromium) — run installation in a controlled environment if concerned; (3) verify the code origin because the source is unknown; review login.py and owa_calendar.py yourself (they are short and readable) and confirm they only access Microsoft domains; (4) consider using a proper OAuth/app registration flow rather than storing credentials if your organization requires it; (5) run initial tests in an isolated environment or with an account that has no access to sensitive mailboxes. Overall the skill is coherent, but take precautions around credential storage and installation of browser automation tooling.

Like a lobster shell, security has layers — review code before you run it.

latestvk974p3mwq9thp8xtb3pdx7z1gd81z62t

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📅 Clawdis
Binspython3

Comments