← Back to Skills Marketplace
Outlook Add-in
by
nachtsheim
· GitHub ↗
· v0.2.0
· MIT-0
92
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install outlook-addin
Description
Outlook sidebar add-in that brings the full power of your OpenClaw agent into Microsoft Outlook. Chat with your agent about any email, use all your tools and...
Usage Guidance
This skill is coherent for adding an Outlook sidebar that connects to your local OpenClaw Gateway, but it relies on running third‑party code and intentionally exposes your agent inside Outlook. Before proceeding: 1) Inspect the GitHub repository and manifest.xml — confirm the code is trustworthy, review requested Outlook permissions, and check recent commits/maintainer reputation. 2) Do not add https://localhost:3000 to Gateway allowed origins unless you trust the add-in; ensure your Gateway requires authentication and limit allowed origins to only necessary hosts. 3) Be cautious running npm install and a local dev server — run these steps in a controlled/dev environment (not on a critical machine) and audit node packages if possible. 4) Understand that exposing "full agent — with all tools, skills, and automations" to an email context can let the add-in read email content and invoke agent tools; keep sensitive accounts/data locked down and consider least-privilege configurations. 5) If you need higher assurance, ask the publisher for a signed release or a vetted package rather than running a dev server from source. If you cannot verify the repo or do not accept the above risks, avoid installing.
Capability Analysis
Type: OpenClaw Skill
Name: outlook-addin
Version: 0.2.0
The SKILL.md file contains instructions that direct an AI agent to perform high-risk shell and network operations, specifically cloning an external repository (github.com/nachtsheim/openclaw-outlook-addin) and executing 'npm install' and 'npm run dev'. While these actions are plausibly needed for the stated purpose of setting up an Outlook add-in, they represent a significant security risk by executing untrusted code from a remote source. According to the provided criteria, risky capabilities aligned with the stated purpose but lacking clear malicious intent are classified as suspicious.
Capability Assessment
Purpose & Capability
The name/description (Outlook sidebar add-in exposing the agent) matches the runtime instructions: clone a GitHub repo, run the local dev server, sideload manifest, and add localhost as an allowed origin in the Gateway. Nothing requested in the SKILL.md appears unrelated to building an Outlook add-in.
Instruction Scope
Instructions are narrowly focused on building and sideloading a web add-in. However, the add-in design explicitly grants Outlook a connection to your full OpenClaw agent ("all tools, skills, and automations"), which is a broad capability and increases attack surface — the SKILL.md correctly instructs adding https://localhost:3000 to Gateway allowed origins, which is necessary but should be done only after ensuring proper Gateway authentication and trust in the add-in code.
Install Mechanism
This is instruction-only (no install spec in metadata), lowering direct platform risk. But the Quick Start tells the user to clone an external GitHub repo and run npm install and a local server — that pulls third-party code onto the machine. The repo is hosted on GitHub (a common release host), which is expected, but running unreviewed npm packages and starting a dev server is potentially risky and merits review.
Credentials
The skill declares no required environment variables or credentials, which aligns with the SKILL.md. Nonetheless, its purpose is to expose the full agent to Outlook; doing so effectively grants the add-in access to the agent's capabilities. Users must ensure the Gateway enforces authentication/authorization and CORS are configured appropriately — lack of explicit creds in the skill doesn't eliminate the privilege escalation risk at runtime.
Persistence & Privilege
The skill does not request permanent inclusion (always:false), does not modify other skills or system-wide agent settings, and is user-invocable. Running as an Outlook sidebar is expected behavior and not inherently excessive.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install outlook-addin - After installation, invoke the skill by name or use
/outlook-addin - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.2.0
- Introduces the OpenClaw Outlook add-in, enabling seamless integration of OpenClaw agent features directly within Microsoft Outlook.
- Allows users to chat with their agent about any email, draft replies, and access all agent tools from the Outlook sidebar.
- Supports both Outlook Desktop (Classic) and Outlook Web (OWA).
- Simple setup process provided, with links to the repository and detailed documentation.
Metadata
Frequently Asked Questions
What is Outlook Add-in?
Outlook sidebar add-in that brings the full power of your OpenClaw agent into Microsoft Outlook. Chat with your agent about any email, use all your tools and... It is an AI Agent Skill for Claude Code / OpenClaw, with 92 downloads so far.
How do I install Outlook Add-in?
Run "/install outlook-addin" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Outlook Add-in free?
Yes, Outlook Add-in is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Outlook Add-in support?
Outlook Add-in is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Outlook Add-in?
It is built and maintained by nachtsheim (@nachtsheim); the current version is v0.2.0.
More Skills