Skill v1.0.4
ClawScan security
Teams Delegate · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 2, 2026, 4:48 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill code and instructions match the stated purpose (automating Microsoft Teams inbox actions) and request only the Graph API scopes needed to read and send Teams messages; the few problems are documentation and dependency omissions rather than malicious behavior.
- Guidance: This skill appears to do what it says, but review the following before installing:
  - Permissions: The Azure app requires powerful Graph scopes (read/write chat, send channel messages). Granting them lets the app read your Teams messages and send messages as you; only proceed if you trust the code and the maintainer.
  - Admin consent: On corporate tenants you may need admin consent. If you are an employee, consult your IT/security team before granting these permissions to avoid policy violations.
  - Local tokens: The tool stores auth data under ~/.teams-delegate (a token cache and a config file). Make that directory and its files readable only by your own user, and delete the token cache if you stop using the skill. Deleting the local cache does not invalidate the refresh token it held at the identity provider, so also sign out of the app's sessions in your Microsoft account (or have your admin revoke them).
  - Dependencies: The scripts use the Python 'msal' library, but SKILL.md does not say how to install it. Install msal (pip install msal) and confirm your Python version is one msal supports before running.
  - Documentation mismatch: SKILL.md says the token is saved to token.json, but the code writes token_cache.bin and config.json. Expect the code's behavior (check ~/.teams-delegate for the actual files).
  - Extra assurance: Inspect the scripts locally (they are small and readable) and run them in a controlled account or tenant with limited privileges before pointing them at your primary work account.
Review Dimensions
- Purpose & Capability (ok): Name/description (delegate Teams inbox) aligns with the code and requested Graph scopes. The scripts authenticate via device-code flow, list/read chats, summarize messages, and post replies using Microsoft Graph, all appropriate for the stated functionality.
- Instruction Scope (note): Runtime instructions are narrowly scoped to Teams/Graph actions. However, SKILL.md contains small inaccuracies (it says the token is saved to ~/.teams-delegate/token.json, but the code writes token_cache.bin and config.json), and it asks the user to enable 'Allow public client flows' and to grant admin consent where applicable (expected for device-code flow and certain tenant scenarios). The agent instructions do not attempt to read unrelated system files or exfiltrate data to non-Microsoft endpoints.
- Install Mechanism (note): This is an instruction-only skill with no install spec. The Python code imports msal, which is neither declared nor described in SKILL.md; the user must pip-install msal (and have Python available). Omitting dependency installation instructions is an operational gap but not a security concern by itself.
- Credentials (ok): No environment variables or unrelated credentials are requested. The code stores the token cache and config under ~/.teams-delegate (expected for a CLI credential cache). The requested Graph scopes (Chat.Read, Chat.ReadWrite, ChannelMessage.Send, etc.) are required for reading and sending Teams messages; they are powerful (the app can post messages as the authenticated user) but proportionate to the skill's purpose and are disclosed in the README.
- Persistence & Privilege (note): The skill persists tokens and a config in the user's home directory (~/.teams-delegate) and auto-refreshes tokens; it does not request 'always: true' or modify other skills. Persisting tokens locally is typical for CLI tools, but it means the stored tokens must be protected by the user (file permissions).
