Outlook Add-in
Security checks across malware telemetry and agentic risk
Overview
The skill is a disclosed Outlook-to-local-OpenClaw integration, with sensitive email and agent access that is expected for its stated purpose.
Install only if you trust the referenced GitHub project and are comfortable letting selected Outlook emails reach your local OpenClaw agent and its configured model providers. Keep the Gateway allowed origin limited to the exact localhost URL, inspect the Outlook manifest before sideloading, and keep high-impact tools behind confirmation when working from email.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.