cenralsolution

office secretary

by Cenralsolution · GitHub ↗ · v3.1.0
cross-platform ⚠ suspicious
Downloads: 1259
Stars: 0
Active Installs: 3
Versions: 5
Install in OpenClaw
/install office-secretary
Description
A digital administrative assistant for Microsoft 365 (Outlook & OneDrive).
Usage Guidance
What to consider before installing:
- The skill appears to do what it says (read/triage mail, find calendar slots, list old OneDrive files, post to Teams) and the Python code calls only Microsoft Graph endpoints.
- However the registry metadata does not declare the two required environment variables (SECRETARY_CLIENT_ID, SECRETARY_TENANT_ID) shown in SKILL.md and used by the code. This is likely an oversight but could cause the platform not to surface the credential requirements to you; treat it as suspicious until corrected.
- The Azure app will need delegated permissions that allow reading/modifying email and files and sending Teams messages. These are powerful rights (Mail.ReadWrite and Files.ReadWrite can modify or delete content). Only grant them for an account/tenant you trust and consider using a dedicated service account with limited data access.
- The tool uses interactive authentication and stores a local token_cache.bin. Ensure that file is stored securely (it is gitignored here) and that file-system permissions meet your policy. Review and rotate tokens if you later uninstall.
- If you decide to run: inspect the code yourself, register the Azure app in a restricted test tenant, grant only the minimum scopes you accept, and run in an isolated or least-privilege account first.
- Fixes that would increase trust: update the registry manifest to explicitly declare required env vars and a clear primary credential, and add NOTES in SKILL.md about token_cache location and exact consent prompts.
Capability Analysis
Type: OpenClaw Skill
Name: office-secretary
Version: 3.1.0
The skill is classified as suspicious due to the combination of broad Microsoft Graph permissions (`Mail.ReadWrite`, `Calendars.ReadWrite`, `Files.ReadWrite`, `ChatMessage.Send`) and the direct use of command-line arguments (`sys.argv`) for parameters like `team_id`, `channel_id`, and `msg` in `secretary_engine.py` without explicit input validation or sanitization. While the code's intent appears benign and aligned with its stated purpose, these factors introduce potential vulnerabilities (e.g., path injection or malformed requests) if the OpenClaw agent or user provides untrusted input, elevating the risk profile beyond a truly benign skill.
Capability Assessment
Purpose & Capability
The declared purpose (M365 mail, calendar, OneDrive, Teams) matches the code and requested Graph scopes (Mail.ReadWrite, Calendars.ReadWrite, Files.ReadWrite, ChatMessage.Send). However the registry metadata provided to the platform claims no required environment variables or primary credential, while both SKILL.md and the code require SECRETARY_CLIENT_ID and SECRETARY_TENANT_ID. That registry/metadata mismatch is an incoherence that could lead to missing platform prompts or mistaken trust.
Instruction Scope
SKILL.md instructs creation of an Azure app and use of delegated permissions, and the runtime commands call only Microsoft Graph endpoints. The instructions do not request unrelated files or remote endpoints beyond graph.microsoft.com. The skill uses interactive authentication and stores tokens in a local token_cache.bin file.
Install Mechanism
There is no external install or download spec—this is effectively an instruction + code bundle. Requirements.txt lists msal, requests, python-dotenv which are consistent with the code. No remote installers, URL downloads, or archives are used.
Credentials
The code and SKILL.md require two env vars (SECRETARY_CLIENT_ID and SECRETARY_TENANT_ID) and will create a local token_cache.bin; these are proportionate to the declared functionality. The problem is the registry metadata (the platform-level manifest) does not declare these required env vars or a primary credential, which is inconsistent and may cause confusion about what secrets are needed or what the platform will store/ask for.
Persistence & Privilege
The skill is not marked always:true, does not modify other skills or global agent settings, and only writes a local token cache file (token_cache.bin) under its directory. It enforces file permissions on Unix-like systems. Autonomous invocation is enabled (platform default) but not combined with any other broad or unexpected privileges.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install office-secretary
  3. After installation, invoke the skill by name or use /office-secretary
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v3.1.0
- Added explicit declaration of required environment variables (SECRETARY_CLIENT_ID, SECRETARY_TENANT_ID) for registry compatibility.
- Updated description to clarify the skill's main functions.
- Minor wording improvements for clarity in governance and other sections.
v3.0.0
Version 1.1.1
- Refocused description and role to emphasize security-first, delegated permissions, and user data privacy.
- Updated command interface: clarified parameters and simplified command options.
- Added specific setup instructions for Azure Entra ID app registration, delegated permissions, and necessary environment variables.
- Removed PDF export and Planner commands from documentation.
- Modernized language for communication and executive support capabilities.
v1.1.0
- Added .gitignore and requirements.txt to project for improved environment and dependency management.
- Updated skill description to highlight unified automation features for M365, including triage, calendar, governance, and PDF export.
- Expanded command interface with new commands: smart calendar scheduling, Teams alerts, Planner integration, and drive cleanup.
- Enhanced implementation details: clarified OAuth2 flow, token persistence, and high-performance API strategy.
v1.0.1
Version 1.0.1 introduces major enhancements and broadens functionality beyond core admin tasks.
- Expanded role to serve as a unified executive secretary, handling both administrative and executive tasks.
- Added Excel dashboards, advanced formula calculation, PDF report generation, and PowerPoint creation via Microsoft 365.
- Introduced clear onboarding and troubleshooting logic for setup and authentication issues.
- Updated interface with new commands for email rules, Planner, Excel analysis, PDF export, and PowerPoint generation.
- Updated required dependencies to support Excel and PowerPoint features.
v1.0.0
Initial creation of the skill, 13th February 2026
Metadata
Slug office-secretary
Version 3.1.0
License
All-time Installs 3
Active Installs 3
Total Versions 5
Frequently Asked Questions

What is office secretary?

A digital administrative assistant for Microsoft 365 (Outlook & OneDrive). It is an AI Agent Skill for Claude Code / OpenClaw, with 1259 downloads so far.

How do I install office secretary?

Run "/install office-secretary" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is office secretary free?

Yes, office secretary is completely free (open-source). You can download, install and use it at no cost.

Which platforms does office secretary support?

office secretary is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created office secretary?

It is built and maintained by Cenralsolution (@cenralsolution); the current version is v3.1.0.
