← Back to Skills Marketplace
377
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install ews-skill
Description
Extract calendar events from Microsoft Exchange via EWS API
README (SKILL.md)
Purpose
Fetch calendar events from Microsoft Exchange Web Services (EWS) and return them as structured JSON.
When to Use
- User asks about their calendar events ("What's on my calendar today?")
- Need to retrieve meetings for today, tomorrow, or a specific date
- Extracting meeting details: subject, time, location, organizer, body text, links
Security Model
Credentials are stored in OS keyring, NOT in config files:
- macOS: Keychain Access (encrypted, OS-managed)
- Linux: libsecret / gnome-keyring (encrypted, OS-managed)
Only EWS_URL and EWS_USER are stored in OpenClaw config (non-secret). The password is retrieved securely at runtime.
Setup
1. Install keyring tools (Linux only)
# Debian/Ubuntu
sudo apt install libsecret-tools gnome-keyring
# Fedora
sudo dnf install libsecret gnome-keyring
# Arch
sudo pacman -S libsecret gnome-keyring
macOS has Keychain built-in.
2. Store credentials in keyring
{baseDir}/ews-calendar-setup.sh --user "DOMAIN\\username"
You will be prompted for your password. This stores it securely in the OS keyring.
3. Configure OpenClaw
Add to ~/.openclaw/openclaw.json:
{
skills: {
entries: {
"ews-calendar": {
enabled: true,
env: {
EWS_URL: "https://outlook.company.com/EWS/Exchange.asmx",
EWS_USER: "DOMAIN\\username"
}
}
}
}
}
Replace with your actual Exchange URL and username.
Usage
The skill runs {baseDir}/ews-calendar-secure.sh which:
- Retrieves
EWS_PASSfrom OS keyring - Calls the main script with all credentials in environment
- Returns JSON output
Command Syntax
{baseDir}/ews-calendar-secure.sh --date \x3CDATE> [--output \x3CFILE>] [--verbose]
Parameters
--date(required): Date filterYYYY-MM-DD— specific date (e.g.,2026-03-03)today— today's datetomorrow— tomorrow's date
--output \x3CFILE>: Write JSON to file instead of stdout--verbose: Enable debug logging--debug-xml \x3CFILE>: Save raw XML response for debugging
Output Format
Returns JSON array of calendar events:
[
{
"subject": "Team Standup",
"start": "2026-03-03T10:00:00Z",
"end": "2026-03-03T10:30:00Z",
"location": "Conference Room A",
"organizer": "[email protected]",
"body": "Weekly sync meeting to discuss sprint progress...",
"links": ["https://zoom.us/j/12345", "https://confluence.example.com/doc"]
}
]
Returns empty array [] if no events found.
Example Invocations
Get today's events:
{baseDir}/ews-calendar-secure.sh --date today
Get tomorrow's events to file:
{baseDir}/ews-calendar-secure.sh --date tomorrow --output /tmp/tomorrow.json
Get specific date with debug:
{baseDir}/ews-calendar-secure.sh --date 2026-03-03 --verbose --debug-xml /tmp/debug.xml
Troubleshooting
Password not found in keyring
[ERROR] Password not found in keyring for user: DOMAIN\username
[HINT] Run: ./ews-calendar-setup.sh to store credentials
Solution: Run the setup script to store your password:
{baseDir}/ews-calendar-setup.sh --user "DOMAIN\\username"
Linux: secret-tool not found
[ERROR] 'secret-tool' not found. Install: apt install libsecret-tools
Solution: Install libsecret tools:
sudo apt install libsecret-tools gnome-keyring
Linux: Keyring locked
On Linux, the keyring may be locked after login.
Solution: Unlock your keyring (usually happens automatically on desktop login). For headless servers, you may need to set up a keyring daemon.
HTTP request failed
[ERROR] HTTP request failed with status: 401
Possible causes:
- Incorrect username or password
- Password changed — re-run setup script
- Account locked or expired
SOAP Fault
[ERROR] SOAP Fault detected
Fault code: a:ErrorInvalidRequest
Fault string: The request is invalid.
Possible causes:
- Invalid EWS URL (check
EWS_URLin config) - Date format issue (use
YYYY-MM-DD) - Exchange server configuration issue
Credential Management
Update password (after password change)
{baseDir}/ews-calendar-setup.sh --user "DOMAIN\\username"
The script will overwrite the existing entry.
Remove credentials
{baseDir}/ews-calendar-setup.sh --user "DOMAIN\\username" --delete
Or manually:
macOS:
security delete-generic-password -a "DOMAIN\\username" -s "ews-calendar"
Linux:
secret-tool clear service "ews-calendar" user "DOMAIN\\username"
View stored credentials (macOS only)
security find-generic-password -a "DOMAIN\\username" -s "ews-calendar" -w
Files in This Skill
{baseDir}/
├── SKILL.md # This file
├── ews-calendar.sh # Main script (reads from env or .env)
├── ews-calendar-secure.sh # Wrapper that gets password from keyring
├── ews-calendar-setup.sh # Store credentials in keyring
├── templates/
│ ├── find-items.xml # SOAP template for finding calendar items
│ └── get-item.xml # SOAP template for getting item details
└── .env.example # Example config for standalone usage
Alternative: Standalone Usage (without keyring)
For development or testing, you can run ews-calendar.sh directly with a .env file:
- Copy
.env.exampleto.env - Fill in your credentials
- Run:
./ews-calendar.sh --date today
Warning: This stores password in plaintext. Use keyring for production.
Usage Guidance
This skill appears to do exactly what it says: read your EWS calendar via NTLM and return JSON. Before installing, verify the skill's source/trust (it has no homepage), review the included scripts yourself, and ensure you configure it to use the OS keyring rather than the .env fallback. If you enable debug XML or use --output files, ensure the output files have strict permissions (chmod 600) or avoid writing them to shared locations. Confirm EWS_URL points to your organization's Exchange server (HTTPS) and remove any plaintext .env files after testing. If you have concerns about third-party code, run the scripts in an isolated environment or inspect them line-by-line (they are small shell scripts).
Capability Analysis
Type: OpenClaw Skill
Name: ews-skill
Version: 1.0.0
The skill primarily uses OS keyrings for secure credential storage, which is a good practice. However, the `ews-calendar.sh` script includes an alternative 'standalone usage' mode that allows loading credentials, including the password, from a plaintext `.env` file. Although `SKILL.md` and `README.md` explicitly warn against using this for production, the presence of this capability (a documented vulnerability) constitutes a significant security risk if users disregard the warnings, leading to potential plaintext password exposure. There is no evidence of malicious intent, prompt injection, or other harmful behaviors.
Capability Assessment
Purpose & Capability
Name/description (EWS calendar extraction) match the files and runtime requirements. Requested binaries (curl, xmllint) and optional keyring tools (security/secret-tool) are appropriate. Required env vars (EWS_URL, EWS_USER) are exactly what an EWS client needs.
Instruction Scope
Runtime instructions and scripts stay within scope: they retrieve the password from the OS keyring, call the configured EWS_URL via curl/NTLM, parse SOAP XML, and return JSON. Notes: (1) there is a fallback path to load credentials from a .env file (plaintext EWS_PASS) for standalone use — the README warns about this; (2) the tool can write raw XML to disk via --debug-xml and may print full HTTP responses on error, which could expose sensitive calendar contents if files/outputs are not protected.
Install Mechanism
No install spec is present (instruction-only skill plus included scripts). That is low-risk; the repository provides shell scripts to run directly. Nothing is downloaded from untrusted URLs or auto-installed by the skill.
Credentials
The skill only requires EWS_URL and EWS_USER in config; the secret (EWS password) is stored in the OS keyring rather than requested as an environment variable, which is proportionate. Caveats: the scripts support a .env fallback (EWS_PASS in plaintext) which increases risk if used; the skill does not request unrelated credentials or broad environment access.
Persistence & Privilege
Skill is not forced-always. It requires the user to enable it in ~/.openclaw/openclaw.json per instructions. It does not modify other skills or system-wide agent settings and does not request permanent elevated privileges.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install ews-skill - After installation, invoke the skill by name or use
/ews-skill - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release: Secure calendar event extraction from Microsoft Exchange via EWS API.
- Fetches Exchange calendar events and returns them as structured JSON.
- Secure credential storage using OS keyring (no plaintext passwords).
- Includes setup, configuration, and troubleshooting instructions for Linux and macOS.
- Provides shell scripts for setup, secure execution, and credential management.
- Supports date filtering (today, tomorrow, specific date) and output to file.
- Output includes subject, time, location, organizer, body, and links for each event.
Metadata
Frequently Asked Questions
What is EWS Skill?
Extract calendar events from Microsoft Exchange via EWS API. It is an AI Agent Skill for Claude Code / OpenClaw, with 377 downloads so far.
How do I install EWS Skill?
Run "/install ews-skill" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is EWS Skill free?
Yes, EWS Skill is completely free (open-source). You can download, install and use it at no cost.
Which platforms does EWS Skill support?
EWS Skill is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created EWS Skill?
It is built and maintained by basuev (@basuev); the current version is v1.0.0.
More Skills