Skill v1.0.0
ClawScan security
Outlook for Work/School 365 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 5, 2026, 7:21 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code and instructions align with its stated purpose: it uses Azure/OAuth and Microsoft Graph to access and manage Outlook mail and calendar; the requested actions and stored secrets are proportionate to that goal.
- Guidance: This skill appears to do what it says, but be aware of these practical security points before installing:
  1) The automated setup will create an Azure App Registration and a client secret in the authenticated Azure account/tenant — that requires appropriate privileges and may require admin consent for some tenants.
  2) The client_secret and OAuth tokens are stored on disk at ~/.outlook-mcp/config.json and credentials.json; anyone with access to those files could use them to access your mailbox until you revoke them.
  3) If you prefer tighter control, perform the manual setup (references/setup.md) and create the app yourself in the Azure Portal, then paste only the minimal config into ~/.outlook-mcp.
  4) After use, revoke the app secret or delete the App Registration and remove ~/.outlook-mcp to invalidate access.
  5) Inspect the included scripts (they are plain shell) before running and ensure az, jq, and curl are trusted on your system.
Review Dimensions
- Purpose & Capability (ok): Name/description match the code: scripts call Microsoft Graph, perform calendar and mail operations, and the setup creates an Azure app registration and requests Mail.ReadWrite, Mail.Send, Calendars.ReadWrite and offline_access scopes — all expected for full mailbox/calendar management.
- Instruction Scope (note): Runtime instructions direct the user to run an automated setup that logs into Azure, creates an app registration, creates a client secret, guides user authorization, and saves tokens and credentials under ~/.outlook-mcp. This is consistent with the skill's purpose but does store sensitive credentials and tokens on disk; the scripts do not appear to read unrelated files or exfiltrate data to third-party endpoints.
- Install Mechanism (ok): No external install/download is performed by the skill bundle; it is instruction+script based and relies on local tools (az, jq, curl). There are no obscure or remote installers, and no extracted archives or external binaries fetched by the skill.
- Credentials (note): The skill requests no platform env vars but creates and stores a client_id/client_secret/tenant and access/refresh tokens in ~/.outlook-mcp — this is necessary for a confidential OAuth client but is sensitive. The OAuth scopes requested are appropriate for the stated mail/calendar functionality.
- Persistence & Privilege (note): always:false and the skill does not auto-enable itself. It will create an Azure App Registration and a client secret in the user's tenant (if the authenticated account has permissions) and write config/tokens to the user's home directory — side effects that affect the user's Azure tenant and local filesystem but are expected for this functionality.
