Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Exchange2010
v1.0.0
Connect to Exchange 2010 to manage emails, calendar events, contacts, tasks, attachments, shared calendars, recurring events, and out-of-office settings.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidence
Purpose & Capability
Name, SKILL.md examples and the included __init__.py implement Exchange 2010 EWS operations (email, calendar, contacts, tasks) — the requested capabilities match the code's purpose. However, the skill's package metadata lists no required env vars while the code expects credentials, indicating a documentation/metadata mismatch.
Instruction Scope
SKILL.md instructs placing Exchange credentials in a .env.credentials file. The code will read a .env.credentials file located two directories above the module and set every KEY=VALUE it finds into os.environ (no filtering). That means the skill will import any keys present in that file (not only Exchange-related keys). Also, SKILL.md references EXCHANGE_PASSWORD but the code reads PICARD_PASSWORD (and raises an error mentioning EXCHANGE_PASSWORD), creating confusion and potential runtime errors.
Install Mechanism
No install script or remote downloads are present. The skill is instruction/code-only and does not fetch remote artifacts during install.
Credentials
Registry metadata declares no required env vars but runtime requires credentials. The code expects PICARD_USERNAME / PICARD_PASSWORD and uses EXCHANGE_* fallbacks inconsistently. The practice of loading an arbitrary .env.credentials into os.environ (all keys) is disproportionate because it can import unrelated secrets into the process unexpectedly.
Persistence & Privilege
The skill does not request always:true, does not modify other skills, and has no install-time persistence mechanisms. It will run with normal autonomous invocation defaults.
What to consider before installing
Do not install blindly. The skill's functionality (Exchange EWS access) is plausible, but there are clear mismatches and risky behaviors around credentials:
- SKILL.md asks you to put EXCHANGE_SERVER/EXCHANGE_DOMAIN/EXCHANGE_EMAIL/EXCHANGE_PASSWORD in .env.credentials, but the code actually reads PICARD_USERNAME and PICARD_PASSWORD (with EXCHANGE_* used as fallbacks in some places). This will likely cause runtime confusion or failures.
- The module reads a .env.credentials file two directories up and indiscriminately injects every KEY=VALUE into os.environ. If that file also contains other secrets (AWS keys, tokens, etc.) those would be loaded into the agent process — a significant exposure risk.
- The registry metadata lists no required environment variables; the skill should declare the credentials it needs so you can make an informed consent decision.
What to do before installing:
- Inspect the .env.credentials file and ensure it contains only the exact Exchange credentials you intend to expose (or better, do not store unrelated secrets there).
- Ask the author to fix the inconsistent env variable names (either use EXCHANGE_PASSWORD everywhere or document PICARD_PASSWORD) and update the registry metadata accordingly.
- Consider running this in a restricted environment (no access to other secrets) until the credential-loading behavior is fixed.
- If you cannot verify or change the code, treat the skill as untrusted and avoid providing real secrets.
If the author provides an updated version that documents required env vars correctly and only loads/uses the declared keys (instead of injecting the entire .env file into os.environ), the concerns would be largely resolved.
Like a lobster shell, security has layers — review code before you run it.
