ClawHub

outlookcli

Security checks across malware telemetry and agentic risk

Overview

This skill is coherent for managing a personal Microsoft account, but it gives an agent broad persistent control over mail, calendar, and OneDrive with insufficient guardrails around sending, sharing, and destructive actions.

Install only if you want an agent to operate on your personal Microsoft email, calendar, contacts, and OneDrive. Review the Microsoft consent screen carefully, avoid granting broader scopes than needed, and require explicit confirmation before any send, forward, delete, move, upload, download, share, invite, or --force command. Use m365 logout when finished if you do not want persistent access.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The documented `m365 login` flow permits arbitrary `--scopes`, `--add-scopes`, and `--exclude` values, allowing the skill to authenticate with permissions beyond its stated email/calendar/OneDrive purpose. In an agent setting, this expands the reachable data and actions surface and can enable over-privileged tokens without clear user understanding.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill documents multiple destructive operations such as deleting mail, deleting folders, deleting calendar events, and removing OneDrive files, but it does not instruct the agent to require explicit user confirmation before performing them. In an agent setting, this increases the risk of accidental or prompt-induced destructive actions against sensitive personal data.

Missing User Warnings

Medium
Confidence
78% confidence
Finding
The reference advertises broad personal Microsoft account access and offline token use but does not prominently warn users about privacy impact, persistent access, or the breadth of accessible mailbox, calendar, file, and contact data. In a personal-account skill, this reduces informed consent and can lead users to authorize sensitive access they do not fully understand.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
Commands for sending email and later OneDrive sharing/invites facilitate outbound transmission of user data to external recipients, but the documentation does not emphasize that these are exfiltration-capable actions. In an autonomous agent context, under-warning high-impact outbound operations increases the risk of accidental or unauthorized disclosure.

Missing User Warnings

Low
Confidence
72% confidence
Finding
Attachment/file downloads and local credential persistence create sensitive data at rest on the local machine, but the reference does not clearly warn about local writes, destination paths, or residual sensitive files. This is lower severity than direct exfiltration, but still increases risk of unintended local exposure on shared or unmanaged systems.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal