Skill v0.1.1

ClawScan security

M365 Mailbox (Graph) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 18, 2026, 11:14 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's code, instructions, and requested resources align with its stated purpose (MS Graph mailbox automation); it uses local OAuth device-code flows and stores tokens locally — no unrelated credentials or external endpoints were found.
Guidance
This skill appears to do what it says: it uses Microsoft device-code OAuth and Microsoft Graph calls and stores tokens locally. Before installing: 1) Ensure you run it on a machine with a compatible Node version (msal-node requires Node >=20). 2) Provide a legitimate clientId (for business accounts you may need an IT-provided app with admin consent). 3) Review and protect the token/cache directory (~/.openclaw/secrets/m365-mailbox); do not commit or share it. 4) Prefer minimal-consent mode and keep 'send' behind confirmation unless you explicitly trust autonomous sending. 5) Because npm dependencies are pulled at install time, only install if you trust the skill source or are prepared to audit the included package-lock.json and code (all source files are included in the bundle).

Review Dimensions

Purpose & Capability
ok: Name/description match the included scripts: the files implement Microsoft Graph mailbox operations (list, search, read, draft, send) and use MSAL device-code flow. Declared dependencies (@azure/msal-node) and setup requiring a clientId are appropriate for this purpose.
Instruction Scope
note: Runtime instructions direct the agent to run the provided Node ESM scripts and to store per-profile config/token cache under ~/.openclaw/secrets/m365-mailbox; scripts only access those files and Microsoft endpoints (login.microsoftonline.com and graph.microsoft.com). Note: msal-node in package-lock requires Node >=20 and the code uses global fetch (Node 18+ has experimental fetch, Node 20 stable) — SKILL.md states 'Node.js' but does not specify a minimum version; ensure your Node version matches the dependency requirements.
Install Mechanism
ok: There is no remote download/install step in the skill bundle; dependencies are standard npm packages (resolved via npm registry). The SKILL.md asks the user to run npm install in the skill folder — expected for this kind of Node-based skill. Risk is typical for pulling npm deps: review/lock dependencies if you require stricter controls.
Credentials
ok: The skill requests no environment variables or unrelated credentials. It requires a user-supplied Microsoft App clientId and tenant (expected for delegated OAuth device-code flow). Tokens and profile config are persisted locally; this is proportional but sensitive — anyone with filesystem access to the token cache can use those tokens until revoked/expired.
Persistence & Privilege
ok: always:false and user-invocable:true (default) — no forced global inclusion. The skill stores its own files in ~/.openclaw/secrets/m365-mailbox (its own namespace) and does not modify other skills or system-wide configs. It implements a local policy to require confirmation for write/send operations by default, which limits autonomous outbound writes.