Openclaw Intune Skill
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
The skill is transparent about managing Microsoft Intune, but it asks for tenant-wide admin-level Graph permissions that can change or wipe devices, policies, groups, and scripts, with approval boundaries that are not tight enough for low-risk use.
Install only if you intentionally want an OpenClaw agent to have administrator-like Microsoft Intune control. Prefer a dedicated least-privilege Entra app, test in a non-production tenant first, require explicit confirmation for all writes and bulk actions, monitor audit logs, and revoke the client secret when the skill is not in active use.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent or its credentials are misused, it could alter Intune configuration, groups, RBAC, apps, or managed devices across the tenant.
The skill requires app-only OAuth credentials and broad tenant-wide Microsoft Graph write permissions, allowing management actions without being scoped to an individual user's session or a limited device/group set.
grant_type=client_credentials ... Required API Permissions (Application): DeviceManagementManagedDevices.ReadWrite.All ... DeviceManagementRBAC.ReadWrite.All ... Group.ReadWrite.All ... GroupMember.ReadWrite.All
Use a dedicated Entra app with the minimum permissions needed, restrict it to test or limited scopes where possible, store the secret securely, monitor Graph audit logs, and revoke or rotate the secret when not needed.
A mistaken or over-broad request could affect real corporate devices or users, including locks, passcode resets, location actions, reboots, wipes, or deletions.
The skill gives the agent direct raw API instructions for high-impact device actions. Confirmation is specified for some operations, but other sensitive actions such as remote lock, reset passcode, locate device, and rename are not clearly gated in the shown safety rules.
Remote Actions... POST .../remoteLock ... /resetPasscode ... /locateDevice ... /wipe ... DELETE .../managedDevices/{managedDeviceId}; Safety Rules: Sync/Restart operations: Ask for confirmation ... Destructive operations (Wipe, Retire, Delete): ALWAYS require explicit confirmation.
Require explicit confirmation for every write, remote action, bulk action, script deployment, group change, and policy change; show the exact target objects and expected impact before execution.
Users relying only on registry metadata may not realize the skill needs a privileged Entra application secret before installing or invoking it.
The registry metadata does not advertise the credential requirements or provenance clearly, even though SKILL.md requires Intune OAuth app credentials. This is a metadata/provenance gap, not evidence of hidden code.
Source: unknown ... Required env vars: none ... Primary credential: none ... No install spec — this is an instruction-only skill.
Declare the required environment variables, credential type, Graph permission scopes, and capability tags in registry metadata, and provide a verifiable source repository.
