outlook-microsoft
v1.0.0微软 Outlook 邮箱和日历管理工具(支持世纪互联版 Office 365)。当用户要求查看邮件、发送邮件、搜索邮件、管理日历日程、创建会议、查询忙闲状态时使用。注意:此 Skill 仅支持世纪互联(21Vianet)版本的 Microsoft 365,使用 login.chinacloudapi.cn /...
⭐ 1· 55·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (Outlook mail + calendar for the 21Vianet/China endpoints) match the code and instructions. Required binary (python3) and required env vars (OUTLOOK_CLIENT_ID, OUTLOOK_TENANT_ID, optional OUTLOOK_CLIENT_SECRET) are appropriate for Microsoft Graph Device Code Flow and Azure app registration. The Graph endpoints used (login.chinacloudapi.cn and microsoftgraph.chinacloudapi.cn) align with the stated Century‑Internet target.
Instruction Scope
SKILL.md and the scripts provide specific commands to authorize, read/send mail, and manage calendars and only reference expected files (scripts/.env, ~/.outlook-microsoft/config.json, credentials.json). The instructions require creating an Azure app and granting delegated Graph scopes (Mail.ReadWrite, Mail.Send, Calendars.ReadWrite), which is consistent with the feature set. Note: the instructions and scripts load a local .env file and will persist client secret and OAuth tokens to disk—this is expected for this workflow but is sensitive and should be acknowledged.
Install Mechanism
There is no binary download or external installer; code is included and the setup only requires installing the Python requests package (pip). No downloads from untrusted URLs or archive extraction steps are present in the repository metadata. This is a low‑risk install model, but you should still inspect the included scripts prior to execution.
Credentials
Requested environment variables (client id, tenant id; client secret optional) are appropriate and minimal for this purpose. The skill will also read a local scripts/.env file if present and persist OAuth tokens and config under ~/.outlook-microsoft; storing client secrets and refresh/access tokens in plaintext on disk is expected here but increases local risk—protect those files and use least privilege in Azure (single‑tenant, delegated scopes only).
Persistence & Privilege
The skill does persist its own configuration and credentials under ~/.outlook-microsoft, which is normal for an OAuth client. It does not request always:true or attempt to modify other skills or system-wide agent settings. The use of subprocess to call its own refresh routine is limited to its token lifecycle management.
Assessment
This skill appears coherent for managing Outlook (21Vianet) mail and calendars, but before installing: 1) review the included Python scripts to confirm you’re comfortable with saving credentials locally; 2) expect the tool to write config.json and credentials.json under ~/.outlook-microsoft (store them with restrictive permissions, e.g., chmod 600); 3) if you must provide OUTLOOK_CLIENT_SECRET in scripts/.env, be aware it's plaintext—consider using narrower Azure app permissions, single‑tenant registration, and rotating secrets regularly; 4) the skill uses Device Code Flow and requires admin consent for delegated scopes—only grant permissions you trust and only to organizational accounts; and 5) run the code in a controlled environment (or inspect/run in a sandbox) if you have any doubt about handling of secrets or network communication.Like a lobster shell, security has layers — review code before you run it.
latestvk97b4352sngv7wgpz13cg26x3584bjnr
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
📮 Clawdis
Binspython3
EnvOUTLOOK_CLIENT_ID, OUTLOOK_TENANT_ID
Primary envOUTLOOK_CLIENT_ID