Skill v1.0.1
ClawScan security
Skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 16, 2026, 11:22 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only wrapper for the official PnP Microsoft 365 CLI and its installation/usage requests align with the stated purpose.
- Guidance
- This skill is an instruction-only integration for the official PnP Microsoft 365 CLI and appears coherent. Before installing or granting it access: 1) verify you want the m365 CLI installed globally (or use npx to avoid global install), 2) confirm the npm package version and GitHub repo match the official project, 3) be cautious with credentials — the CLI requires Microsoft credentials to act and using client secrets or certificates should follow least privilege and secure storage practices, 4) restrict the agent's access to only the identity/permissions needed (avoid giving broad tenant-admin credentials to an autonomous agent), and 5) test commands in a sandbox tenant if possible. If you need the agent to operate without human interaction, prefer managed identities or certificates with limited scopes rather than long-lived client secrets or username/password.
Review Dimensions
- Purpose & Capability
- ok: Name/description (m365 PnP CLI) match the requested binary and npm package (@pnp/cli-microsoft365). Requiring the 'm365' binary and Node/npm to install the official package is proportionate to the declared purpose.
- Instruction Scope
- ok: SKILL.md only instructs the agent to run the m365 CLI commands and to authenticate via supported Microsoft flows (device code, cert, client secret, managed identity). It does not instruct reading unrelated files or exfiltrating data to third-party endpoints.
- Install Mechanism
- note: Install uses a public npm package (@pnp/cli-microsoft365), which is the expected distribution channel for this CLI. npm installs are moderate risk by nature (they execute code during install) but are appropriate and standard for this tool. The metadata points to the official GitHub and docs.
- Credentials
- ok: The skill does not request any environment variables or secrets itself. The documentation describes authentication methods (including client secrets/certificates) which are legitimate for the CLI; any credentials would be supplied by the user and are relevant to the CLI's function.
- Persistence & Privilege
- ok: always:false and no requests to modify system or other skills. Autonomous invocation is allowed (platform default) but the skill does not request elevated persistent privileges.
