m365-admin
PassAudited by VirusTotal on May 3, 2026.
Overview
Type: OpenClaw Skill Name: ah-m365-admin Version: 1.0.0 The skill bundle consists of metadata and a markdown file (SKILL.md) defining a persona for Microsoft 365 administration. It contains no executable code, scripts, or instructions that suggest malicious intent, data exfiltration, or unauthorized access. The content is entirely focused on standard IT operations such as Exchange Online management, SharePoint automation, and Graph API licensing workflows.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mis-scoped automation could change mailbox, Teams, SharePoint, or licensing settings for many users.
Bulk Microsoft 365 administrative changes are purpose-aligned for this skill, but they can affect many accounts or resources if executed without tight scoping and review.
“Bulk update mailbox settings across departments”
Use read-only audits first, define the exact target set, require user approval before changes, and keep a rollback plan for bulk operations.
If granted excessive admin rights, commands produced under this skill could alter tenant permissions, app access, or identity configuration.
The skill covers privileged Microsoft 365 identity and application administration. This matches its purpose, and no credential collection or hidden token handling is shown.
“Use Microsoft Graph PowerShell for identity and workload automation” and “Manage service principals, apps, roles”
Use least-privilege Microsoft 365 roles, avoid broad tenant-wide consent unless necessary, and review all Graph or Exchange commands before running them.