Outlook Calendar
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
The skill appears to read Outlook Calendar as described, but it requires storing and reusing Microsoft 365 passwords, cookies, and captured bearer tokens locally, so it needs careful review before use.
Install only if you are comfortable giving this skill local access to your Microsoft 365 password/session. Before use, consider whether your organization allows automated OWA login and token caching, restrict permissions on ~/.outlook, review the code, and prefer a scoped OAuth calendar integration if available.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone, or any process, that can read the ~/.outlook files could reuse the stored Microsoft 365 authentication material, and that authority is far broader than viewing selected calendar events.
The skill requires a Microsoft 365 account password and persists cookies and tokens in local files for reuse.
Sensitive information (account password, cookies, tokens) is stored in `~/.outlook/` ... "email": "your@company.com", "password": "your_password" ... `cookies.json` ... `token.json`
Prefer an official scoped OAuth/Graph calendar permission, declare the credential requirement clearly, use a protected credential store or restrictive file permissions, and avoid keeping the account password after login.
A cached bearer token can be reused during its lifetime, increasing the impact if the local token file is read by another user, backup process, or compromised tool.
The code captures a live Outlook bearer token from browser traffic and writes it to ~/.outlook/token.json.
if auth.startswith("Bearer ") and "outlook.office.com" in req.url:
owa_token = auth[7:] ... json.dump({"bearer": owa_token, "saved_at": time.time()}, f)
Use a least-privilege token flow designed for calendar read access, store tokens securely, and document exactly what permissions the token can exercise.
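An added example, not the skill's code and not part of the ClawScan report, of how a caller could check what a cached bearer token can actually do before reusing it. It decodes the JWT payload without verifying the signature, lists the delegated scopes (`scp`) and application roles (`roles`) it carries, and rejects tokens that are expired or broader than a calendar-read allowlist. It assumes the captured token is a JWT, which Entra ID access tokens normally are; an opaque token cannot be inspected this way. The `ALLOWED_SCOPES` policy, the fixed clock and both sample tokens are constructed for the demo.

```python
import base64
import json
import time

# Policy for what a calendar-reading helper may hold (assumed for this example).
ALLOWED_SCOPES = {"Calendars.Read"}


def _b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the '=' padding that JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def jwt_claims(token: str) -> dict:
    """Return the payload claims of a JWT without verifying its signature.

    Good enough to see what a cached token can do; never use it to decide
    whether a token is genuine, since anyone can forge these claims.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT; an opaque token cannot be inspected")
    return json.loads(_b64url_decode(parts[1]))


def token_scopes(claims: dict) -> set:
    """Collect delegated scopes ('scp', space separated) and app roles ('roles')."""
    scopes = set(claims.get("scp", "").split())
    scopes.update(claims.get("roles", []))
    return scopes


def token_problems(token: str, now=None) -> list:
    """Reasons a cached token should not be reused: expired, or broader than calendar read."""
    now = time.time() if now is None else now
    claims = jwt_claims(token)
    problems = []
    exp = claims.get("exp")
    if exp is None or exp <= now:
        problems.append("expired or missing exp")
    extra = token_scopes(claims) - ALLOWED_SCOPES
    if extra:
        problems.append("scopes beyond calendar read: " + " ".join(sorted(extra)))
    return problems


def _demo_jwt(payload: dict) -> str:
    """Build an unsigned JWT-shaped string; constructed demo input, not a real token."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).decode().rstrip("=")
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(payload)}."


NOW = 1_700_000_000  # fixed clock so the demo is deterministic
GOOD_TOKEN = _demo_jwt({"aud": "https://outlook.office.com",
                        "scp": "Calendars.Read", "exp": NOW + 3600})
BAD_TOKEN = _demo_jwt({"aud": "https://outlook.office.com",
                       "scp": "Calendars.Read Mail.ReadWrite Files.ReadWrite.All",
                       "exp": NOW - 60})

if __name__ == "__main__":
    for name, tok in (("good", GOOD_TOKEN), ("bad", BAD_TOKEN)):
        print(name, token_problems(tok, now=NOW) or "ok to cache")
```

The point of the check is disclosure, not trust: a token captured from browser traffic carries whatever the OWA session was granted, and `token_scopes` makes that visible so the skill can refuse to cache anything wider than calendar read. Signature verification still belongs to the resource server, and a token that passes this check remains reusable by anyone who can read `token.json` until `exp`.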
The agent may consult the corporate calendar when the user’s request is only loosely related to scheduling.
The invocation rule is broad and mandatory for work/task/thing-related prompts, not just explicit calendar requests.
Whenever the user asks any question involving schedules, meetings, arrangements, calendars, work, tasks, or things to do, this skill must be invoked.
Narrow the trigger wording or ask for confirmation before reading the calendar for ambiguous work/task questions.
Users depend on whatever package and browser versions are fetched at install time.
The setup requires external packages and a browser download, but the versions are not pinned and there is no formal install spec.
pip install playwright requests
playwright install chromium
Pin dependency versions, provide a reviewed install spec or lockfile, and install only from trusted package sources.
Local debug images may reveal sign-in context such as account identifiers or MFA prompts if the directory is shared, backed up, or exposed.
The login flow can persist debug screenshots of Microsoft sign-in/MFA pages under ~/.outlook, and this is not listed in the SKILL.md file structure.
path = OUTLOOK_DIR / f"debug_{name}.png"
page.screenshot(path=str(path)) ... shot(page, f"wait_{i:02d}")
Disable debug screenshots by default, disclose them clearly, clean them up after login, and restrict permissions on ~/.outlook.
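An added example, not code from the skill or from ClawScan, covering the "restrict permissions on ~/.outlook" advice from the credential-storage finding above and the screenshot clean-up from this one. It creates the directory owner-only, writes secret JSON such as `token.json` atomically with mode 0600 so there is no window where the file is world-readable, reports any file that group or others can read, and deletes the `debug_*.png` captures. The `harden` and `make_demo_dir` helpers are hypothetical names for this example, the demo directory and its files are constructed, and the permission handling is POSIX-only.

```python
import json
import os
import stat
import tempfile
from pathlib import Path

OUTLOOK_DIR = Path.home() / ".outlook"      # the directory the skill uses, per the findings
DEBUG_GLOB = "debug_*.png"                  # screenshot naming seen in the skill's login flow


def ensure_private_dir(path: Path) -> Path:
    """Create the directory owner-only (0700), tightening it if it already exists."""
    path.mkdir(mode=0o700, parents=True, exist_ok=True)
    path.chmod(stat.S_IRWXU)
    return path


def write_secret_json(path: Path, data: dict) -> None:
    """Atomically write JSON that only the owner can read (POSIX, 0600).

    mkstemp creates the temp file 0600 before any secret bytes reach disk, and
    os.replace swaps it in, so token.json or cookies.json is never world-readable
    or half-written.
    """
    ensure_private_dir(path.parent)
    fd, tmp = tempfile.mkstemp(dir=path.parent, prefix=".tmp-", suffix=".json")
    try:
        with os.fdopen(fd, "w") as f:  # takes ownership of fd
            os.fchmod(fd, stat.S_IRUSR | stat.S_IWUSR)  # belt and braces over mkstemp's default
            json.dump(data, f)
        os.replace(tmp, path)
    except BaseException:
        Path(tmp).unlink(missing_ok=True)
        raise


def file_mode(path: Path) -> int:
    """Permission bits of a path, e.g. 0o600."""
    return stat.S_IMODE(path.stat().st_mode)


def loose_permission_files(dir_path: Path) -> list:
    """Names of files under dir_path that group or others can read or write."""
    return sorted(p.name for p in dir_path.iterdir()
                  if p.is_file() and file_mode(p) & (stat.S_IRWXG | stat.S_IRWXO))


def remove_debug_screenshots(dir_path: Path) -> list:
    """Delete the debug_*.png sign-in/MFA captures the login flow leaves behind."""
    removed = []
    for p in dir_path.glob(DEBUG_GLOB):
        p.unlink()
        removed.append(p.name)
    return sorted(removed)


def harden(dir_path: Path = OUTLOOK_DIR) -> dict:
    """Purge screenshots, then lock down the directory and every remaining file."""
    ensure_private_dir(dir_path)
    removed = remove_debug_screenshots(dir_path)
    fixed = loose_permission_files(dir_path)
    for name in fixed:
        (dir_path / name).chmod(stat.S_IRUSR | stat.S_IWUSR)
    return {"screenshots_removed": removed, "chmod_fixed": fixed}


def make_demo_dir() -> Path:
    """Constructed look-alike of a leaky ~/.outlook in a temp dir (demo input only)."""
    d = Path(tempfile.mkdtemp()) / ".outlook"
    d.mkdir(mode=0o755)
    for name, payload in (("cookies.json", b"[]"), ("debug_wait_03.png", b"\x89PNG")):
        (d / name).write_bytes(payload)
        (d / name).chmod(0o644)  # world-readable, as an unhardened install might leave it
    return d


if __name__ == "__main__":
    demo = make_demo_dir()
    print("before:", loose_permission_files(demo))
    print("report:", harden(demo))
    write_secret_json(demo / "token.json", {"bearer": "constructed-token", "saved_at": 0})
    print("after:", loose_permission_files(demo), oct(file_mode(demo)))
```

File modes only keep other local accounts out; any process running as the same user, including a compromised tool or a backup agent, still reads `token.json` freely. That is why the report's first recommendation, a scoped OAuth calendar integration that never stores the account password, comes before permission hardening rather than instead of it.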
