Office 365 Connector
Advisory. Audited by static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If an agent or user runs this command accidentally, the token could be captured in terminal history, logs, or conversation context and reused by someone who sees it.
The skill can print a Microsoft Graph bearer access token to stdout. With the granted scopes, that token can be used to access or modify the user's Microsoft 365 data until it expires.
    } else if (command === 'token') {
      // Prints the raw bearer token to stdout
      getAccessToken(accountName).then(token => {
        console.log(token);
        process.exit(0);
      });
    }
Remove or disable the token-printing command, or gate it behind explicit confirmation with redaction. Users should avoid asking the agent to display tokens.
A bad account name could cause the skill to write or delete an unintended local JSON file within the user's filesystem permissions.
The account name is used directly in a filesystem path and later used for deletion. Without validation, crafted names containing path traversal segments could target files outside the intended office365 token directory.
    function getAccountTokenPath(accountName) {
      return path.join(ACCOUNTS_DIR, `${accountName}.json`);
    }
    ...
    if (fs.existsSync(tokenPath)) {
      fs.unlinkSync(tokenPath);
    }
Restrict account names to a safe pattern such as letters, numbers, dashes, and underscores; normalize and verify that token paths remain inside the intended directory before reading, writing, or deleting.
Granting consent gives the skill access to read and change mail, calendars, and contacts, and to refresh access without signing in every time.
The OAuth flow requests broad delegated Microsoft Graph permissions, including send/write permissions and offline refresh access. This is aligned with the stated connector purpose, but it is high-impact.
    const SCOPES = [
      'User.Read',
      'Mail.Read',
      'Mail.ReadWrite',
      'Mail.Send',
      'Calendars.Read',
      'Calendars.ReadWrite',
      'Contacts.Read',
      'Contacts.ReadWrite',
      'offline_access'
    ].join(' ');
Only grant these permissions if you need full Office 365 automation. Prefer a dedicated Azure app with the smallest permission set you actually use, and revoke tokens when they are no longer needed.
Users have less registry-level information to verify the origin and credential needs of a high-privilege Office 365 connector.
The registry metadata provides limited provenance and does not declare credential requirements, even though the skill documentation and code use Azure client credentials and local OAuth tokens.
Source: unknown; Homepage: none; Required env vars: none; Primary credential: none
Review the included source before use, verify the publisher, and treat the Azure client secret and stored OAuth tokens as sensitive credentials.
