ClawHub

Microsoft 365

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Microsoft 365 skill, but it should be treated as sensitive because it can access and change mail, calendar, contacts, and OneDrive after Microsoft consent.

Install only if you are comfortable granting this skill broad Microsoft Graph access to the selected account. Use your own Azure app registration, review the Microsoft consent prompt, protect ~/.openclaw/credentials, do not sync or commit token files, and revoke the app in Microsoft account settings when you stop using it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue AgentSelf-Modification, Session Persistence
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill description indicates code capabilities that involve environment access and network communication, but it does not declare corresponding permissions. This creates a transparency and trust problem: users or orchestration systems may approve or run the skill without understanding that it can access secrets from the environment and communicate with external Microsoft Graph endpoints. In a credentialed integration skill, undeclared capabilities are especially risky because they can lead to unintended secret exposure or unauthorized outbound actions.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README explicitly states that Microsoft access tokens are stored locally in `tokens.json` and even labels this as 'safe' without warning that these tokens are sensitive credentials. If that file is exposed through weak filesystem permissions, backups, sync tools, logs, or accidental commits, an attacker could reuse the tokens to access the user's Microsoft 365 data such as email, calendar, contacts, and OneDrive files. In the context of a Microsoft Graph integration, this is more dangerous because the stored tokens may grant broad access to highly sensitive personal or organizational data.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
OAuth tokens, potentially including refresh tokens, are written to disk in plaintext with no permission hardening, encryption, or validation of the destination file's protections. If another local user, malware, or a backup/sync process can read that file, the attacker may gain persistent access to the associated Microsoft 365 account.

Session Persistence

Medium
Category
Rogue Agent
Content
### Calendar
- **Fetch events**: `node index.js --account personal --calendar`
- **Create event**: Use interactive mode or automated scripts.

### Email
- **Read emails**: Interactive mode (option 1).
Confidence
74% confidence
Finding
Create event**: Use interactive mode or automated scripts. ### Email - **Read emails**: Interactive mode (option 1). - **Send email**: Interactive mode (option 5). ### Contacts & OneDrive - **Contac

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal