ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Outlook Email

v0.1.7

Manage Outlook and Microsoft 365 email with AI agents — triage inbox by sender trust, draft replies with tone matching, organize folders, create inbox rules,...

0· 80·0 current·0 all-time
bySteven Obiajulu@stevenobiajulu
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoCan make purchasesRequires OAuth token
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description and the declared Microsoft Graph OAuth scopes (Mail.Read, Mail.ReadWrite, Mail.Send, MailboxSettings.ReadWrite, User.Read, offline_access) align with an email management skill; there are no unrelated binaries, environment variables, or config paths requested.
Instruction Scope
The SKILL.md instructs only Graph API interactions (listing, drafting, sending, managing folders/rules, attachments) and explicitly warns that safety guardrails are provided by the reference runtime. It does not instruct the agent to read unrelated files or exfiltrate data to hidden endpoints.
Install Mechanism
No install spec and no code files — the skill is instruction-only, so nothing is written to disk by the package itself (lowest install risk).
Credentials
The skill declares only optional environment variables, but it legitimately requires high-impact Graph scopes for full functionality. Those scopes are proportionate to the stated capabilities, but they are sensitive (Mail.Send and MailboxSettings.ReadWrite can send mail or create forwarding rules), so consent should be limited to the least-privilege scopes you actually need.
Persistence & Privilege
The skill is not always-enabled and has no install artifacts. However, platform-level autonomous invocation plus granted write scopes would increase risk if the runtime does not implement draft-first and send-allowlist protections; the SKILL.md correctly points out that the instruction-only skill cannot enforce those protections itself.
Assessment
This skill looks like what it says: a set of Graph API patterns for managing Outlook mail. Before installing or granting consent: (1) prefer using the referenced runtime (email-agent-mcp) or another runtime that enforces the 'draft-first' + send-allowlist model, (2) grant the minimal Graph scopes needed — avoid Mail.Send and MailboxSettings.ReadWrite unless necessary, (3) verify the OAuth client/app ID and token storage (use OS keychain or secure storage), (4) consider testing against a non-production mailbox, and (5) if your platform allows autonomous invocation, restrict or require user confirmation for any send or rule-modifying action.

Like a lobster shell, security has layers — review code before you run it.

latestvk97f83p7cw9x1stcvd8gc3h2r584ft72

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments