M365 Spam Manager

Audited by ClawScan on May 10, 2026.

Overview

This appears to be a legitimate Microsoft 365 spam-management skill, but its scripts can change mailbox state without the confirmations its documentation promises, and its metadata does not declare the Microsoft 365 credentials the scripts consume.

Review carefully before installing. Use a least-privilege Microsoft 365 profile, verify the target mailbox, and avoid running write operations unless you are comfortable with messages being moved or labeled. Treat the documented confirmation claims as unreliable until the scripts are updated to enforce them.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A user or agent could move messages in Outlook/Exchange without the documented confirmation step, including moving a junk message back into the Inbox.

Why it was flagged

The script immediately performs a Microsoft Graph move operation using a Mail.ReadWrite token, with no prompt or flag in between. This conflicts with SKILL.md's claim that moving requires confirmation and that the script always prompts before moving emails.

Skill content
const token = await getAccessToken(profile, ['Mail.ReadWrite']); ... const result = await graphFetch(url, { method: 'POST', ... body: JSON.stringify({ destinationId: inbox.id }) });
Recommendation

Add an explicit confirmation prompt or require a clear flag such as --yes for all move operations, and update the documentation so it matches the actual behavior.

What this means

The skill can automatically alter Outlook categories for up to 50 Junk messages and may create global mailbox categories even when a user intended only to test behavior.

Why it was flagged

The batch checker defaults dryRun to false, creates mailbox categories before the dry-run check, and PATCHes message categories without a confirmation prompt. This mutation workflow is not described in SKILL.md's usage section.

Skill content
const dryRun = getArg('dryRun', 'false') === 'true'; ... method: 'POST', ... body: JSON.stringify({ displayName: 'Spam', color: 'preset0' }) ... await graphFetch(`${base}/messages/${encodeURIComponent(m.id)}`, { method: 'PATCH', ... body: JSON.stringify({ categories: newCats }) });
Recommendation

Make dry-run the default, avoid any mailbox changes during dry-run, require confirmation for batch labeling, and document this script and its side effects clearly.
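The following is an added illustration of the fix recommended for the first two findings; it is not code from the skill or from ClawScan. It wraps the skill's Graph client in a gate that records every POST/PATCH/DELETE into a plan, defaults dryRun to true, and only sends mutations when both --dryRun false and --yes are given, so the unconfirmed move (finding 1) and the category creation and batch PATCH that ran before the dry-run check (finding 2) are all caught by one mechanism. The function and flag names (parseArgs, createGate, moveToInbox, labelJunkBatch, runScenario, --yes) are hypothetical; the Graph stand-in, message IDs and categories are constructed for the example.

```javascript
// Added example, not the skill's code. The skill's real graphFetch is async;
// the in-memory fake here is synchronous so the example runs offline without
// top-level await. The gate passes whatever graphFetch returns straight through.

const MUTATING = new Set(['POST', 'PATCH', 'PUT', 'DELETE']);
const BOOLEAN_FLAGS = new Set(['yes']); // flags that take no value

// Parse "--key value", "--key=value" and bare "--yes". dryRun defaults to TRUE;
// only the literal string 'false' turns it off (the skill defaulted it to false).
function parseArgs(argv) {
  const opts = { dryRun: true, yes: false };
  for (let i = 0; i < argv.length; i++) {
    if (!argv[i].startsWith('--')) continue;
    let [key, val] = argv[i].slice(2).split('=', 2);
    if (val === undefined) val = BOOLEAN_FLAGS.has(key) ? 'true' : argv[++i];
    if (key === 'dryRun') opts.dryRun = val !== 'false';
    else if (key === 'yes') opts.yes = val === 'true';
    else opts[key] = val;
  }
  return opts;
}

// Wrap graphFetch. Reads pass straight through. Every mutation is appended to
// `plan` so a dry run can print exactly what would change; it is only sent
// when dryRun is off AND the operator passed --yes.
function createGate(graphFetch, { dryRun, yes }) {
  const plan = [];
  return {
    plan,
    fetch(url, init = {}) {
      const method = (init.method || 'GET').toUpperCase();
      if (!MUTATING.has(method)) return graphFetch(url, init);
      plan.push({ method, url, body: init.body });
      if (dryRun) return { dryRun: true }; // recorded, never sent
      if (!yes) throw new Error(`refusing ${method} ${url}: re-run with --dryRun false --yes to apply`);
      return graphFetch(url, init);
    },
  };
}

// Finding 1: the move goes through the gate instead of straight to Graph.
function moveToInbox(gate, base, messageId, inboxId) {
  return gate.fetch(`${base}/messages/${encodeURIComponent(messageId)}/move`, {
    method: 'POST', body: JSON.stringify({ destinationId: inboxId }),
  });
}

// Finding 2: creating the category is itself a mutation, so it is gated too,
// and messages that already carry the category are never PATCHed.
function labelJunkBatch(gate, base, messages, categoryName = 'Spam') {
  const existing = gate.fetch(`${base}/outlook/masterCategories`); // GET, always allowed
  if (!existing.value.some((c) => c.displayName === categoryName)) {
    gate.fetch(`${base}/outlook/masterCategories`, {
      method: 'POST', body: JSON.stringify({ displayName: categoryName, color: 'preset0' }),
    });
  }
  let changed = 0;
  for (const m of messages) {
    if (m.categories.includes(categoryName)) continue;
    gate.fetch(`${base}/messages/${encodeURIComponent(m.id)}`, {
      method: 'PATCH', body: JSON.stringify({ categories: [...m.categories, categoryName] }),
    });
    changed += 1;
  }
  return changed;
}

// Constructed stand-in for Graph: records what was actually sent over the wire.
function fakeGraph() {
  const sent = [];
  return {
    sent,
    fetch(url, init = {}) {
      sent.push({ method: (init.method || 'GET').toUpperCase(), url });
      if (url.endsWith('/outlook/masterCategories')) return { value: [{ displayName: 'Blue category' }] };
      return { ok: true };
    },
  };
}

// Run both scripts' mutations against constructed data under a given argv and
// report what was planned versus what actually reached Graph.
function runScenario(argv) {
  const graph = fakeGraph();
  const gate = createGate(graph.fetch, parseArgs(argv));
  const base = 'https://graph.microsoft.com/v1.0/users/mailbox%40example.com'; // constructed
  const junk = [ // constructed sample junk messages
    { id: 'AAMk1', categories: [] },
    { id: 'AAMk2', categories: ['Spam'] },
    { id: 'AAMk3', categories: ['Newsletters'] },
  ];
  let error = null;
  let labeled = 0;
  try {
    moveToInbox(gate, base, 'AAMk1', 'inbox-folder-id');
    labeled = labelJunkBatch(gate, base, junk);
  } catch (e) {
    error = e.message;
  }
  return {
    planned: gate.plan.length,
    sent: graph.sent.filter((r) => MUTATING.has(r.method)).length,
    labeled,
    error,
  };
}
```

With no flags, runScenario([]) plans the move, the category creation and two PATCHes but sends none of them; with --dryRun false alone the first mutation is refused before anything reaches Graph; only --dryRun false --yes lets the four mutations through. The gate is deliberately placed below the scripts rather than inside each one, so a future script that forgets its own prompt still cannot mutate silently.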

What this means

Installing and using the skill gives it access to whatever mailbox privileges the selected Microsoft 365 profile has, including Mail.ReadWrite operations and any shared mailboxes available to that account.

Why it was flagged

The code reads an existing local Microsoft 365 token cache and uses it for Graph access, while the registry metadata declares no primary credential, env var, or required config path.

Skill content
if (!fs.existsSync(cachePath)) throw new Error(`Missing token cache: ${cachePath} ...`); const cacheText = fs.readFileSync(cachePath, 'utf8'); ... if (raw && typeof raw === 'object' && raw.access_token) return raw.access_token;
Recommendation

Declare the Microsoft 365 profile/token-cache requirement in metadata, use least-privilege profiles where possible, and make the selected mailbox and mutation scope explicit before running write operations.

What this means

The documented automatic cleanup command will fail against the reviewed package, and may lead users to search for and run an unreviewed replacement script.

Why it was flagged

SKILL.md documents an automatic cleanup script, but the provided file manifest does not include scripts/auto-clean.mjs. The reviewed package therefore does not contain the documented automatic-mode implementation.

Skill content
node skills/m365-spam-manager/scripts/auto-clean.mjs --profile tom-business-mail --mailbox radman@e-ola.com --threshold 80
Recommendation

Either include and review the referenced auto-clean script or remove the command from documentation; users should run only scripts included in the reviewed package.