ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Outlook Calendar (M365)

读取企业 Microsoft 365 Outlook 日历。当用户问任何涉及日程、会议、安排、工作、任务、事情的问题时触发,例如:今天有什么安排、这周有什么会、本月会议多少小时、明天要做什么、下周有啥工作、这周有什么事、有啥任务等。

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 228 · 0 current installs · 0 all-time installs
by@ilove323
duplicate of @ilove323/outlook-calendar
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (read M365 Outlook calendar) match the included code and instructions: login.py automates a browser login (MFA number match) and owa_calendar.py extracts a Bearer token and calls the OWA calendar API. Requested binary (python3) and use of Playwright/requests are appropriate for this scraping+API approach.
Instruction Scope
SKILL.md explicitly instructs the user to create ~/.outlook/config.json containing email/password and to run login.py and owa_calendar.py. The runtime instructions are narrowly focused on authentication and calendar retrieval and only reference files in ~/.outlook and the skill directory. This is coherent, but the instructions require creation and persistent storage of sensitive credentials and cookies on the host.
Install Mechanism
There is no automatic installer in the registry (instruction-only), but SKILL.md tells users to pip install playwright and requests and to run playwright install chromium. These are common packages and an expected approach for Playwright automation, but they will install a browser runtime (Chromium) and pull code from PyPI — a normal but non-trivial setup step.
Credentials
The skill does not ask for environment variables, but it does require you to supply your full email and password in plaintext in ~/.outlook/config.json, plus it creates cookies.json and token.json (Bearer token) and a login_status.txt. These artifacts are necessary for the implemented method but are sensitive: storing credentials and tokens locally increases exposure risk compared with an OAuth-based delegated-token flow.
Persistence & Privilege
always is false and the skill does not modify other skills or system-wide agent settings. It writes its own state to ~/.outlook (config, cookies, token, status). That is normal for this kind of skill, but those files should be protected and you should be aware the skill will reuse cached tokens and cookies until they expire.
Assessment
This skill appears to implement what it claims, but before installing you should: (1) only install if you trust the skill source (origin is unknown); (2) review the included Python files yourself — they will handle your password, cookies, and tokens; (3) prefer an OAuth/delegated access approach if your org supports it instead of giving raw credentials; (4) if you must use it, create ~/.outlook/config.json with minimum-privilege account, set file permissions (chmod 600) and limit who can read the home directory; (5) run the skill in an isolated environment (container or VM) if possible; (6) remove or rotate credentials/cookies/tokens after use and inspect login_status/debug screenshots (saved under ~/.outlook) for unexpected behavior; (7) be aware the script will contact login.microsoftonline.com and outlook.office.com (expected) and will save a Bearer token to token.json — keep that file private. If you need help assessing the code or migrating to an OAuth app approach, consider asking a trusted admin.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk9715t6cw58f3rs0gm0m5wq62d81zxbd

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📅 Clawdis
Binspython3

SKILL.md

Outlook 日历技能

触发条件

只要用户问任何涉及日程、会议、安排、日历、工作、任务、事情的问题,必须调用此技能。

  • "明天有什么安排" / "这周有什么会" / "本月日程"
  • "帮我看看日历" / "我今天几点有会"
  • "这个月会议一共多少小时"
  • "我下周有啥工作" / "明天要做啥" / "这周有什么事"
  • "下周安排" / "有啥任务" / "日程表看一下"
  • 任何时间 + 安排/会议/事件/工作/任务/事情的组合问法

首次配置

敏感信息(账号密码、Cookie、Token)存放在 ~/.outlook/不在 skill 目录内

1. 创建配置文件

创建 ~/.outlook/config.json,内容如下:

{
  "email": "your@company.com",
  "password": "your_password",
  "cookie_file": "/root/.outlook/cookies.json",
  "cookie_max_age_days": 7,
  "mfa_type": "authenticator_number_match"
}

2. 安装依赖

pip install playwright requests
playwright install chromium

3. 首次登录(MFA)

cd ~/.agents/skills/outlook-calendar
python login.py

脚本输出 [NUMBER:XX] 时,在 Microsoft Authenticator App 输入数字 XX 并批准,Cookie 自动保存到 ~/.outlook/cookies.json

调用步骤

第一步:读取日历

cd ~/.agents/skills/outlook-calendar
python owa_calendar.py --today          # 今天
python owa_calendar.py --tomorrow       # 明天
python owa_calendar.py --week           # 本周
python owa_calendar.py --month 2026-03  # 指定月份
python owa_calendar.py --range 2026-03-01 2026-03-31  # 自定义范围

第二步:处理 AUTH_FAILED

若输出 [AUTH_FAILED],Cookie 或 Token 过期,重新登录:

python login.py

第三步:整理输出

按用户问题整理回答:列出事件、统计总时长、按周分组等。 注意:API 返回时间为 UTC,需 +8 转换为上海时间。

文件结构

skill 目录(无敏感信息):
~/.agents/skills/outlook-calendar/
├── SKILL.md
├── login.py          # MFA 登录,保存 Cookie 到 ~/.outlook/
└── owa_calendar.py   # 日历读取(Token 模式)

敏感数据目录:
~/.outlook/
├── config.json       # 账号密码(自行创建)
├── cookies.json      # 登录 Cookie(login.py 自动生成)
└── token.json        # Bearer Token 缓存(自动生成,1h 有效)

MFA 说明

  • 类型:Authenticator 数字匹配
  • Cookie 有效期:通常 1-7 天,过期重跑 login.py
  • 多次失败会触发微软限速,等 15 分钟再试

Files

3 total
Select a file
Select a file to preview.

Comments

Loading comments…