Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Outlook
v1.0.0 · Access Microsoft Outlook via Maton Gateway to read, send, and manage emails, folders, calendar events, and contacts with OAuth authentication.
⭐ 0 · 26 · 0 current · 0 all-time
by Otman Heddouch (@otman-ai)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
high confidence
Purpose & Capability
The SKILL.md and description align: it proxies Microsoft Graph (Outlook) via Maton Gateway (gateway.maton.ai / ctrl.maton.ai) and exposes mailbox, calendar, contacts, and connection management operations that match the stated purpose. However, the skill lists no source or homepage metadata, which reduces the trustworthiness of the provider.
Instruction Scope
The runtime instructions contain numerous curl examples that rely on an environment variable, MATON_API_KEY, and call ctrl.maton.ai for connection management and gateway.maton.ai for API access. The instructions do not tell the agent to read unrelated local files, but they do instruct it to use an undeclared secret (MATON_API_KEY) and to 'open the returned url in your browser' for OAuth flows. The agent needs that API key to act: the SKILL.md expects it, but the skill metadata does not declare it.
Install Mechanism
No install spec and no code files — this is instruction-only, which minimizes attack surface from bundled binaries or downloads. However, instruction-only also means there is no code to audit beyond the prose, and network calls will go to Maton endpoints.
Credentials
The SKILL.md requires MATON_API_KEY (a bearer token) in the Authorization header and demonstrates operations that would grant full mailbox, calendar, and contact access. The registry metadata, however, lists no required environment variables and no primary credential. The absence of a declared primary credential is an inconsistency. Requesting a single API key is proportionate for this functionality, but the key grants sensitive access, and the skill should have declared it and documented the required scopes and the storage and rotation practices expected of the user.
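The two findings above (an undeclared secret in the runtime instructions, and network calls to third-party hosts) are the kind of thing a reviewer can check mechanically before installing an instruction-only skill. The script below is an added example written for this page; it is not ClawHub's scanner and not Maton's or the skill author's code. It assumes, hypothetically, that the skill metadata is a front matter block with a `requires: env:` list (the real OpenClaw metadata format may differ), and the SKILL.md it scans is a constructed sample shaped like the curl examples the report describes.

```python
"""Static audit of an instruction-only skill: which environment variables and
remote hosts do the runtime instructions reference, and are the secrets
declared in the skill metadata?

Added example for this page, not ClawHub's scanner. The front matter layout
(a `requires:` / `env:` list) is an assumption; the SKILL.md below is constructed."""
import re
from urllib.parse import urlparse

# Constructed sample: curl examples that use $MATON_API_KEY as a bearer token
# and talk to ctrl.maton.ai / gateway.maton.ai, with an empty declared env list.
SAMPLE_SKILL_MD = """---
name: outlook
version: 1.0.0
requires:
  env: []
---
# Outlook via Maton Gateway

Create a connection, then open the returned url in your browser:

    curl -s -X POST https://ctrl.maton.ai/connections \\
      -H "Authorization: Bearer $MATON_API_KEY" \\
      -d '{"app":"outlook"}'

List messages:

    curl -s https://gateway.maton.ai/outlook/v1.0/me/messages \\
      -H "Authorization: Bearer ${MATON_API_KEY}"
"""

ENV_REF = re.compile(r"\$\{?([A-Z][A-Z0-9_]*)\}?")        # $NAME or ${NAME}
URL_REF = re.compile(r"https?://[^\s\"'<>]+")             # absolute URLs
BROWSER_HINT = re.compile(r"open .{0,40}url .{0,20}browser", re.I)


def parse_front_matter(text):
    """Return the env var names declared under `env:` in the (assumed) front matter.
    Accepts an inline list (`env: [A, B]`) or a `- NAME` list on following lines."""
    m = re.match(r"---\n(.*?)\n---\n", text, re.S)
    if not m:
        return set()
    block = m.group(1)
    env_line = re.search(r"^\s*env:[ \t]*(.*)$", block, re.M)
    if not env_line:
        return set()
    inline = env_line.group(1).strip()
    if inline.startswith("["):
        return {v.strip() for v in inline.strip("[]").split(",") if v.strip()}
    names = set()
    for line in block[env_line.end():].splitlines():
        if not line.strip():
            continue
        item = re.match(r"\s*-\s*([A-Z][A-Z0-9_]*)", line)
        if not item:
            break  # end of the list: next metadata key
        names.add(item.group(1))
    return names


def audit_skill(text):
    """Compare secrets referenced by the instructions against declared ones,
    and list every host the instructions would send traffic to."""
    declared = parse_front_matter(text)
    body = text.split("\n---\n", 1)[-1] if text.startswith("---\n") else text
    referenced = set(ENV_REF.findall(body))
    hosts = sorted({urlparse(u).hostname for u in URL_REF.findall(body)})
    return {
        "declared_env": sorted(declared),
        "referenced_env": sorted(referenced),
        "undeclared_env": sorted(referenced - declared),   # the inconsistency
        "hosts": hosts,                                     # third parties in the path
        "browser_oauth": bool(BROWSER_HINT.search(body)),   # user-driven OAuth step
    }


if __name__ == "__main__":
    for key, value in audit_skill(SAMPLE_SKILL_MD).items():
        print(f"{key}: {value}")
```

Running it on the constructed sample reports MATON_API_KEY as referenced but undeclared, ctrl.maton.ai and gateway.maton.ai as the hosts that would receive the bearer token, and the browser-based OAuth step. Any non-empty `undeclared_env` or unexpected host is a reason to stop and ask the publisher the questions listed further down before supplying a key.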
Persistence & Privilege
The skill is not always-enabled and does not request system-level persistence or modification of other skills' configs. Autonomous invocation is allowed (the platform default), but combined with an undeclared sensitive credential this increases the blast radius if the key is provided.
What to consider before installing
Do not install or enable this skill until you verify the provider and credential requirements. Specific actions to take:
1) Confirm with the skill publisher where MATON_API_KEY should come from and why the registry metadata omits it; demand that the skill declare required env vars and the token's minimum OAuth scopes.
2) Validate Maton (maton.ai / ctrl.maton.ai / gateway.maton.ai) as a trusted third party before giving any token that can read/send mail.
3) Prefer using official Microsoft Graph integration (with per-scope OAuth) or a vetted connector over a third-party gateway for sensitive mail access.
4) If you proceed, limit and rotate the API key, store it securely, and monitor for unexpected agent activity.
5) Ask the publisher for a homepage, source repository, or a signed provenance statement so you (or a reviewer) can audit what the skill will do.
latest: vk97dpp1c2kjethxptbtqsjrbwn849esj
