Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Office 365 Connector
v2.0.0
Office 365 / Outlook connector for email (read/send), calendar (read/write), and contacts (read/write) using resilient OAuth authentication. NOW WITH MULTI-ACCOUNT SUPPORT! Manage multiple Microsoft 365 identities from a single skill. Solves the difficulty connecting to Office 365 email, calendar, and contacts. Uses Microsoft Graph API with comprehensive Azure App Registration setup guide. Perfect for accessing your Microsoft 365/Outlook data from OpenClaw.
⭐ 2· 2.2k·10 current·10 all-time
by Tiran Dagan (@tirandagan)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Scanner: OpenClaw · Verdict: Suspicious (medium confidence)
Purpose & Capability
The code and SKILL.md implement an Office 365/Outlook connector (email/calendar/contacts) using Microsoft Graph and OAuth, which matches the declared purpose. However the registry metadata lists no required binaries or environment variables even though the runtime instructions and scripts explicitly require Node (node CLI) and often expect Azure credentials (tenant/client/secret). That metadata omission is inconsistent with the stated capability.
Instruction Scope
Runtime instructions and CLI scripts operate within expected boundaries (calls to login.microsoftonline.com and graph.microsoft.com; reads and writes of account files under ~/.openclaw/auth). However, the SKILL.md and code reference environment variable fallbacks (AZURE_TENANT_ID, AZURE_CLIENT_ID, AZURE_CLIENT_SECRET) and a legacy token path; none of these environment variables are declared in the registry metadata. The commands also write client secrets and tokens to local files (~/.openclaw/auth/office365-accounts.json and per-account token files). The instructions do not ask for unrelated system data, but they do read environment variables that the metadata did not advertise.
Install Mechanism
The package contains runnable Node CLI scripts (shebangs and many .js files) and SKILL.md examples that use `node ...`, but the registry entry declares no required binaries and provides no install spec. At minimum the skill requires a Node runtime on PATH; the absence of that from the metadata is an inconsistency. No external downloads or installers are requested (which is good), but the packaging/metadata mismatch increases risk: a user might run the scripts without realizing Node is required.
Credentials
The skill legitimately needs Azure credentials (tenant ID, client ID, client secret) and requests delegated Graph scopes including Mail.Send and write scopes. That is proportional to the described features, but the registry metadata did not declare any required env vars or a primary credential. Sensitive secrets are stored in plaintext JSON files under the user's home directory with mode 0600 (per docs and code) — this is common but still high-sensitivity. The combination of undocumented env-var usage, storage of client secrets, and high-impact permissions (Mail.Send, Mail.ReadWrite, Calendars.ReadWrite, Contacts.ReadWrite) warrants caution.
Persistence & Privilege
The skill does not request permanent global inclusion (always: false) and does not attempt to modify other skills or system-wide settings. It writes only to its own config/token paths under ~/.openclaw and does not request elevated OS privileges. Autonomous model invocation is enabled (default), but that is the platform normal and not, by itself, a red flag here.
What to consider before installing
- Source trust: The skill's source/homepage is unknown. The code and docs look consistent with an Office365 connector, but you should only install from authors you trust. Prefer official or well-known sources.
- Metadata mismatches: The registry metadata does NOT declare required binaries or environment variables, yet the SKILL.md and scripts expect a Node runtime and may use AZURE_TENANT_ID / AZURE_CLIENT_ID / AZURE_CLIENT_SECRET as fallbacks. Treat those omissions as a packaging/quality issue and verify prerequisites before running.
- Secrets handling: The skill stores client secrets and tokens in ~/.openclaw/auth/office365-accounts.json and per-account token files (mode 0600). Files are not encrypted. If you proceed, use a dedicated, minimal-privilege Azure App Registration, rotate secrets often, and avoid putting highly privileged tenant-wide credentials into this skill.
- Least privilege: Only grant the Graph permissions you actually need. If you only need read-only, avoid enabling Mail.Send or ReadWrite scopes. Creating an app with the minimum delegated scopes reduces blast radius.
- Review/scan the code: Because the source is unknown, inspect the JavaScript files (they're included) or have them audited. The network calls target Microsoft endpoints (login.microsoftonline.com and graph.microsoft.com), which is expected; nonetheless confirm there are no hidden remote endpoints or obfuscated code.
- Run safely: Test in an isolated environment or throwaway account before connecting sensitive or corporate accounts. Consider creating a dedicated Azure AD app and test user with only the necessary permissions.
If you can't verify the author or you are not comfortable with local secret storage, consider alternatives (official connectors, platform-provided integrations) or request a signed/reviewed release from a trusted maintainer.
latest: vk970t8n0qvwe0v6gjm0t9sndvx80x4r2
