Microsoft 365
Warn
Audited by ClawScan on May 10, 2026.
Overview
This looks like a real Microsoft 365 integration, but it requests persistent broad access that can read and change Microsoft account data, and some setup text understates that access.
Before installing, review the Microsoft consent screen carefully, use the least-privileged Azure app scopes possible, avoid granting write/offline access unless needed, keep the stored token files private, and revoke the app's Microsoft account access when you no longer use it.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If authorized, the skill can keep access to sensitive Microsoft 365 data and can modify account content such as sent mail, calendar events, contacts, and OneDrive files.
This hardcoded Microsoft Graph scope list grants mail read/send, calendar and contact write access, broad file read/write access, and offline refresh-token access.
const SCOPES = 'User.Read Mail.Read Mail.Send Calendars.ReadWrite Contacts.ReadWrite Files.ReadWrite.All offline_access';
Only grant these permissions if all write features are needed; otherwise reduce scopes, separate read-only and write-capable modes, and revoke/delete tokens when finished.
A user could believe they are granting mostly read-only access while the runtime actually asks for broader account-changing permissions.
The setup helper records a read-oriented scope list, while the actual authentication code requests additional send and read/write scopes, so users may underestimate the real consent requested.
scopes: 'User.Read Mail.Read Calendars.Read Contacts.Read Files.Read.All offline_access'
Make setup and documentation match the exact scopes used at runtime, and clearly describe which features require each write/send permission.
A simple request to list recent emails may cause the skill to access much more mailbox data than the user expects, even if only a few subjects are printed.
The default recent-email path fetches all message pages from all folders before locally returning the requested top results.
const messages = await callGraphAllPages(endpoint); return messages.sort(...).slice(0, top);
Default to server-side limits and expose an explicit user-approved option for all-folder or full-mailbox scans.
Using these options can send messages or create/change Microsoft account data.
The CLI clearly exposes account-mutating Microsoft 365 actions, and they appear to be interactive/user-selected rather than hidden.
console.log('5. Send Email'); ... console.log('6. Create Calendar Event'); ... console.log('7. Create Contact'); ... console.log('8. Upload File (Sample)');
Require explicit user confirmation before sending email, creating events/contacts, or uploading files, especially when an agent is operating on the user's behalf.
Users have less external provenance to rely on before granting broad Microsoft 365 permissions.
The package provenance is not linked to a public source or homepage, although the provided code itself is visible and no install-time dependency behavior is shown.
Source: unknown; Homepage: none
Review the included code and verify the publisher before consenting to Microsoft Graph permissions.
