Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
outlook-mail-reader
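v1.0.0
Controls the user's local Chrome browser through the MCP chrome-devtools protocol to query Outlook mail. Supports jumping to a date, filtering, and searching mail. Prerequisites: the user has enabled remote debugging in Chrome (127.0.0.1:9222 or 18800), and OpenClaw has been configured with chrome-devtools-mcp...
by Xuanwu Yun @yuyun2000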
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's stated purpose—controlling a local Chrome DevTools connection to read Outlook mail—matches the instructions and tool calls (chrome-devtools__* and browser actions). However the SKILL.md requires adding an MCP server entry that runs 'npx chrome-devtools-mcp@latest' inside the OpenClaw gateway config, which is not strictly part of reading mail but is required to enable the MCP plumbing. That requirement is explainable but notable.
Instruction Scope
Instructions ask the user to edit the global OpenClaw config (~/.openclaw/openclaw.json) to add the 'mcp' section and to enable Chrome remote debugging. Modifying agent/gateway config and enabling 127.0.0.1:9222 gives the skill (and any code that is connected) the ability to inspect and interact with all open browser tabs and page content — much broader than 'only Outlook'. The runtime steps instruct reading snapshots and clicking/filling any page elements, which could be used to access or exfiltrate other sensitive pages if present.
Install Mechanism
There is no formal install spec in the registry, but the documentation explicitly tells the user to configure OpenClaw to run 'npx chrome-devtools-mcp@latest --autoConnect'. That causes dynamic fetching and execution of the latest package from the npm registry each time or when the gateway starts — a supply-chain risk. The skill does not recommend pinning a version or verifying the package, increasing risk.
Credentials
The skill requests no environment variables or credentials, which sounds safe, but enabling Chrome remote debugging and adding the MCP entry effectively grants the skill access to the user's local browser state (all tabs, DOM, possibly cookies, and other sensitive data). That level of access is substantially broader than 'read Outlook mail' and is not constrained by the instructions.
Persistence & Privilege
While always:false and the skill is user-invocable, the required manual change to OpenClaw's global config is a persistent modification that affects the gateway and could enable other skills or components to connect to the browser. The SKILL.md warns not to modify other fields, but adding the mcp entry still grants ongoing capability until removed — a persistent privilege with platform-wide implications.
What to consider before installing
This skill can legitimately control your browser to read Outlook, but it requires two sensitive actions: enabling Chrome remote debugging (127.0.0.1:9222) and adding an OpenClaw gateway entry that runs 'npx chrome-devtools-mcp@latest'. Those steps give whatever runs via MCP broad, persistent access to all browser tabs and content and will dynamically fetch code from npm. Before installing: back up ~/.openclaw/openclaw.json; prefer pinning a specific, reviewed package version instead of '@latest'; inspect the chrome-devtools-mcp package source yourself (or run npx manually in an isolated environment first); close any sensitive tabs and cookies; consider using Microsoft Graph API or an official Outlook integration instead of remote-driving a browser; and only enable the MCP/gateway entry while you actively need this skill and remove it afterward. If you are uncomfortable auditing the npm package or editing your gateway config, do not enable this skill.
Like a lobster shell, security has layers — review code before you run it.
