Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Outlook Add-in
v0.2.0
Outlook sidebar add-in that brings the full power of your OpenClaw agent into Microsoft Outlook. Chat with your agent about any email, use all your tools and...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidence
Purpose & Capability
The name/description (Outlook sidebar add-in exposing the agent) matches the runtime instructions: clone a GitHub repo, run the local dev server, sideload manifest, and add localhost as an allowed origin in the Gateway. Nothing requested in the SKILL.md appears unrelated to building an Outlook add-in.
Instruction Scope
Instructions are narrowly focused on building and sideloading a web add-in. However, the add-in design explicitly grants Outlook a connection to your full OpenClaw agent ("all tools, skills, and automations"), which is a broad capability and increases attack surface — the SKILL.md correctly instructs adding https://localhost:3000 to Gateway allowed origins, which is necessary but should be done only after ensuring proper Gateway authentication and trust in the add-in code.
Install Mechanism
This is instruction-only (no install spec in metadata), lowering direct platform risk. But the Quick Start tells the user to clone an external GitHub repo and run npm install and a local server — that pulls third-party code onto the machine. The repo is hosted on GitHub (a common release host), which is expected, but running unreviewed npm packages and starting a dev server is potentially risky and merits review.
Credentials
The skill declares no required environment variables or credentials, which aligns with the SKILL.md. Nonetheless, its purpose is to expose the full agent to Outlook; doing so effectively grants the add-in access to the agent's capabilities. Users must ensure that the Gateway enforces authentication/authorization and that CORS is configured appropriately — the lack of explicit credentials in the skill doesn't eliminate the privilege escalation risk at runtime.
Persistence & Privilege
The skill does not request permanent inclusion (always:false), does not modify other skills or system-wide agent settings, and is user-invocable. Running as an Outlook sidebar is expected behavior and not inherently excessive.
Assessment
This skill is coherent for adding an Outlook sidebar that connects to your local OpenClaw Gateway, but it relies on running third-party code and intentionally exposes your agent inside Outlook. Before proceeding:
1) Inspect the GitHub repository and manifest.xml — confirm the code is trustworthy, review requested Outlook permissions, and check recent commits/maintainer reputation.
2) Do not add https://localhost:3000 to Gateway allowed origins unless you trust the add-in; ensure your Gateway requires authentication and limit allowed origins to only necessary hosts.
3) Be cautious running npm install and a local dev server — run these steps in a controlled/dev environment (not on a critical machine) and audit node packages if possible.
4) Understand that exposing "full agent — with all tools, skills, and automations" to an email context can let the add-in read email content and invoke agent tools; keep sensitive accounts/data locked down and consider least-privilege configurations.
5) If you need higher assurance, ask the publisher for a signed release or a vetted package rather than running a dev server from source.
If you cannot verify the repo or do not accept the above risks, avoid installing.
Like a lobster shell, security has layers — review code before you run it.
