Openclaw Intune Skill

Security checks across malware telemetry and agentic risk

Overview

This skill is transparent about managing Intune, but it gives an agent very broad Microsoft tenant power with incomplete permission scoping and uneven safety controls.

Install only if you intentionally want an AI agent to administer Microsoft Intune and related Microsoft Graph tenant features. Use a dedicated app registration, grant only the permissions needed for the exact workflows you will use, protect and rotate the client secret, test outside production first, and require human approval for every write action, script upload, group/RBAC/Conditional Access change, report export, and destructive device operation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Scope Creep

High
Confidence: 96%
Finding
The skill declares a limited set of Microsoft Graph application permissions, but later documents capabilities that require broader identity and audit-log access. This mismatch is dangerous because operators may trust the declared scope while the skill encourages implementation or later expansion into more privileged operations, undermining least-privilege review and increasing the chance of overprovisioned app registrations.

Scope Creep

High
Confidence: 98%
Finding
The skill includes creation, modification, and deletion of Conditional Access policies and named locations, which can directly weaken or disable tenant-wide authentication protections. Because these identity control capabilities are not reflected in the declared permission set, the skill obscures its true blast radius and could lead reviewers to approve a tool that can lock out users or reduce MFA and access enforcement across the tenant.

Scope Creep

Medium
Confidence: 93%
Finding
The skill documents access to directory audit logs and sign-in logs without declaring the corresponding audit permissions. This creates a misleading security posture and can expose sensitive identity telemetry, including user activity and authentication metadata, if implementers grant broader access than the documentation suggests.

Missing User Warnings

Medium
Confidence: 88%
Finding
The skill instructs use of a tenant client secret for app-only authentication but provides no warning about secure storage, rotation, logging, or exposure risks. In a high-privilege Intune/Graph management skill, mishandling this secret could grant broad administrative access to devices, policies, users, and groups.

Missing User Warnings

Medium
Confidence: 90%
Finding
The rule stating that all GET operations are 'always safe' ignores that many read actions expose sensitive personal, device, group, audit, and sign-in information. This is dangerous because it normalizes unprompted access to privacy-impacting data and can cause unnecessary disclosure in environments containing employee or tenant security telemetry.

VirusTotal

64/64 vendors flagged this skill as clean.