Skill v1.0.1

ClawScan security

Openclaw Intune Skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 21, 2026, 2:49 PM
Verdict
suspicious
Confidence
high
Model
gpt-5-mini
Summary
The skill's instructions and required Azure credentials match its Intune-management purpose, but the published metadata omits those required secrets — an internal inconsistency that could lead to silent credential collection or misconfiguration and warrants caution.
Guidance
This skill appears to be what it claims, a full Intune Graph API instruction set, but the published metadata incorrectly omits the required Azure credentials. Before installing:
(1) do not provide high-privilege client secrets to a skill without verifying provenance: confirm the author and repository (kaffeeundcode.com) and ideally review SKILL.md yourself;
(2) prefer using an App Registration with least-privilege Graph application permissions and consider certificate-based auth or managed identity rather than a long-lived client secret;
(3) test in a non-production tenant first (use a test tenant or sandbox);
(4) verify that your OpenClaw deployment will prompt you for INTUNE_TENANT_ID/CLIENT_ID/CLIENT_SECRET rather than silently reading them from an unexpected place;
(5) be aware the skill can perform destructive actions (wipe/retire/delete); ensure confirmations are enforced and consider restricting the agent's ability to run destructive flows automatically.
If you cannot confirm the metadata/credential mismatch or author identity, do not install in a production environment.
Findings
[no-regex-findings] expected: The static scanner found no code to analyze (instruction-only skill). This is expected given there are only README.md and SKILL.md files. Lack of findings is not evidence of safety — the SKILL.md itself is the main surface.

Review Dimensions

Purpose & Capability
note: The skill claims full Microsoft Intune management and its SKILL.md requires an Azure AD app (tenant id, client id, client secret) and Graph application permissions that are appropriate for that purpose. However, the registry metadata lists no required environment variables or primary credential, which is inconsistent with the SKILL.md and may mislead installers.
Instruction Scope
ok: The SKILL.md contains explicit API endpoints, OAuth token flow, and safety rules (double confirmation for wipes/retire/delete, formatting of output, error handling). It does not instruct the agent to read unrelated files, call unknown external endpoints, or exfiltrate data beyond Graph API calls. Destructive actions are allowed but require confirmations per the instructions.
Install Mechanism
ok: This is an instruction-only skill with no install spec and no code to write to disk (low install risk). The README provides a simple copy-to-workspace installation step.
Credentials
concern: The SKILL.md legitimately requires INTUNE_TENANT_ID, INTUNE_CLIENT_ID, and INTUNE_CLIENT_SECRET and lists broad Microsoft Graph application permissions (Directory.Read.All, Group.ReadWrite.All, DeviceManagement*.ReadWrite.All, etc.). Those are high-privilege secrets and permissions but are proportionate to full Intune management. The concern is the mismatch with the registry metadata (which lists no required env vars/primary credential), increasing the chance that the user or platform will not surface or secure these credentials correctly. Also consider requiring certificate-based credentials or managed identities instead of long-lived client secrets.
Persistence & Privilege
ok: The skill does not request always:true, has no OS restrictions, and is user-invocable. It does not ask to modify other skills or system-wide settings. Autonomous invocation is allowed (platform default) but not excessive here.