Skill v1.1.0
ClawScan security
outlookcli · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 20, 2026, 11:29 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's instructions and requirements are consistent with a wrapper for the third-party m365-cli tool to manage a personal Microsoft account; nothing requested is disproportionate to that purpose.
- Guidance: This skill is a set of instructions to use the third-party m365-cli tool. Before installing or using it:
  1. Verify the npm package and GitHub repo (mrhah/m365-cli) to ensure you trust the publisher.
  2. Understand that `m365 login` stores OAuth tokens locally and requests `offline_access` (refresh tokens). Use `m365 logout` to clear them when done.
  3. The agent will run shell commands and may read/write files you instruct it to attach or download, so avoid attaching sensitive files unless necessary.
  4. Note the minor metadata mismatch (registry says no install/binaries while SKILL.md requires m365/npm). Consider installing m365-cli yourself and reviewing its source rather than letting an agent install things automatically.
Review Dimensions
- Purpose & Capability (note): The SKILL.md explicitly documents use of the m365-cli to manage personal Outlook/OneDrive/Calendar and the listed commands match that purpose. Minor inconsistency: registry metadata reported no required binaries/install, whereas the SKILL.md declares required-binary: m365 and gives an npm install command, but this is plausibly an authoring omission rather than malicious.
- Instruction Scope (ok): Instructions are limited to running the m365 CLI for mail/calendar/OneDrive operations, using `--json` for structured output, and authenticating via the CLI's device-code flow. The instructions do reference reading/writing local files only where appropriate (attachments, uploads, downloads). They do not ask the agent to read unrelated system files or to exfiltrate data to unexpected endpoints.
- Install Mechanism (note): This is an instruction-only skill (no install spec in registry), but the SKILL.md tells the user to run `npm install -g m365-cli`. Installing a third-party npm package is a normal, moderate-risk action; the skill itself will not silently download code because it contains no install script. Users should verify the npm package and GitHub repo referenced in SKILL.md before installing.
- Credentials (ok): No sensitive environment variables are required by the skill. Authentication is performed interactively via `m365 login` (device-code flow) and the CLI requests typical scopes for mail, calendar, and files (including `offline_access` for refresh tokens); this is expected for a persistent client that manages email/OneDrive.
- Persistence & Privilege (ok): The skill is not forced-always and has default autonomous invocation allowed. The only persistence implication is that the m365 CLI stores authentication tokens locally (standard for OAuth CLI tools); the skill itself does not request system-wide config changes or other skills' credentials.
