Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Outlook

v1.3.0

Read, search, and manage Outlook emails and calendar via Microsoft Graph API. Use when the user asks about emails, inbox, Outlook, Microsoft mail, calendar events, or scheduling.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal
Suspicious
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description (Outlook via Microsoft Graph) align with the scripts and SKILL.md: the scripts call graph.microsoft.com and login.microsoftonline.com and implement mail/calendar operations the skill advertises.
Instruction Scope
SKILL.md and scripts explicitly instruct running setup that logs into Azure, creates an App Registration, requests delegated Graph scopes (Mail.ReadWrite, Mail.Send, Calendars.ReadWrite, offline_access), and saves client credentials and tokens to ~/.outlook-mcp. This is expected for direct Graph access, but it does perform privileged actions in the user's Azure account (app registration and client secret creation) and requires user interaction/consent.
Install Mechanism
No remote installer or downloaded code; the skill is instruction-only with included bash scripts. It requires local tools (az, jq) which are documented. No untrusted URLs or archive extraction are used.
Credentials
No environment variables are requested; credentials are stored in ~/.outlook-mcp/config.json and credentials.json (client_id, client_secret, access + refresh tokens). The Graph permissions requested are broad but are appropriate for reading/sending/modifying mail and calendars. Storing client_secret and refresh tokens locally is necessary but increases attack surface if the host is compromised.
Persistence & Privilege
always:false (normal). The setup creates an Azure App Registration and generates a client secret (persisted in the user's tenant) and writes token/config files under the user's home directory. These are reasonable for this skill but are persistent artifacts both locally and in Azure and should be revoked when no longer needed.
Assessment
This skill implements exactly what it says: it will (a) require you to run the setup script which uses the Azure CLI to create an App Registration in your Azure/Microsoft account, (b) create a client secret and save client_id/client_secret and OAuth tokens to ~/.outlook-mcp (files are chmod 600), and (c) use those tokens to call Microsoft Graph to read/send/modify mail and calendar events.

Before installing: review the scripts yourself (they are plain bash), prefer running setup from a personal account rather than an org account unless you understand tenant admin consent implications, and be aware the app will have Mail.ReadWrite and Mail.Send (can read, change, and send mail).

After use: if you stop using the skill, delete the App Registration and client secret from the Azure Portal and remove ~/.outlook-mcp to revoke access. If you are uncomfortable creating app registrations or storing long-lived credentials, do not install. The skill does not contact any third-party endpoints other than Microsoft and does not appear to exfiltrate data outside Microsoft Graph.

Like a lobster shell, security has layers — review code before you run it.
