Ms365 Tenant Manager
by Alireza Rezvani · GitHub · v2.1.1 · MIT-0
1291 Downloads · 0 Stars · 5 Active Installs · 2 Versions
Install in OpenClaw
/install ms365-tenant-manager
Description
Microsoft 365 tenant administration for Global Administrators. Automate M365 tenant setup, Office 365 admin tasks, Azure AD user management, Exchange Online...
Usage Guidance
This skill contains ready-to-run PowerShell and Python generators that will create and execute high-privilege Microsoft 365 actions. Before installing or using it:
(1) only use in a non-production/test tenant first and review every generated script;
(2) do not grant Global Admin or broad Graph scopes to untrusted code; prefer a least-privilege app registration with only required permissions or use managed identities/secure vaults;
(3) remove or avoid examples that embed client secrets or use plaintext ConvertTo-SecureString -AsPlainText; store secrets in a secure secret manager and use certificate-based app auth where possible;
(4) restrict agent/autonomous invocation or require explicit human approval before running scripts that change Conditional Access, license assignments, or revoke sessions;
(5) verify there are no hard-coded secrets in the repository and audit logs after any run.
If you cannot validate the author/source or cannot safely provide least-privilege credentials, do not enable this skill against production tenants.
Capability Analysis
Type: OpenClaw Skill
Name: ms365-tenant-manager
Version: 2.1.1
The ms365-tenant-manager bundle provides tools for Microsoft 365 administration but contains vulnerabilities in its script generation logic. Specifically, the Python modules (powershell_generator.py, tenant_setup.py, and user_management.py) construct PowerShell scripts by embedding input parameters directly into f-strings without sanitization or escaping. This lack of input validation creates a risk of PowerShell injection if an attacker can influence the input data (e.g., user names, policy names, or company names). While the bundle's stated purpose is legitimate and it promotes security best practices in its documentation, the underlying code generation lacks the necessary safeguards to prevent exploitation.
Capability Assessment
Purpose & Capability
The name, description, SKILL.md and included scripts all align: this is a Microsoft 365 tenant administration tool that generates PowerShell for tenant setup, CA policies, licensing, audit and user lifecycle. That capability legitimately requires high-privilege credentials (Global Admin or an appropriately permissioned app). The metadata, however, declares no required environment variables or primary credential — an omission that reduces transparency but does not by itself contradict the purpose.
Instruction Scope
SKILL.md and the included PowerShell templates direct the agent/operator to run high-privilege Graph and Exchange cmdlets (Connect-MgGraph with wide scopes, New-MgIdentityConditionalAccessPolicy, Set-MgUserLicense, Revoke tokens, etc.). Those commands are coherent with the stated purpose, but the instructions and troubleshooting docs also show examples that encourage embedding clientId/clientSecret and using ConvertTo-SecureString with plaintext secrets — an insecure practice that could lead to credential exposure. The skill references local files (CSV inputs) and does not call external endpoints beyond Microsoft APIs, so there is no explicit data exfiltration endpoint, but the agent will need tenant credentials to perform most actions.
Install Mechanism
There is no install spec (instruction-only behavior) and the package contains local Python script generators and documentation. Nothing is downloaded or executed from arbitrary remote URLs, and no package managers are invoked. This is lower risk from an install perspective, but the included code will generate and run PowerShell that acts on a live tenant.
Credentials
The skill performs operations that require Global Administrator or high privilege application permissions (Directory.ReadWrite.All, Policy.ReadWrite.ConditionalAccess, User.ReadWrite.All, ExchangeOnline). That level of access is proportionate to the functionality — but the skill declares zero required environment variables or primary credential, giving no explicit guidance on how to supply credentials safely. Additionally, the docs show insecure examples for application authentication (clientSecret assigned from plaintext), increasing the risk of credential leakage if users follow them.
Persistence & Privilege
The skill is not forced-always (always:false) and uses the default model-invocation behavior (agent may invoke autonomously). Autonomous invocation combined with high-privilege actions increases potential blast radius if the agent is allowed to act without human control. This combination is not flagged as outright malicious by itself, but you should treat autonomous runs with extra caution for admin-capable skills.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install ms365-tenant-manager
- After installation, invoke the skill by name or use /ms365-tenant-manager
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v2.1.1
v2.1.1: optimization, reference splits
v1.0.0
Initial release with comprehensive Microsoft 365 tenant administration automation for Global Administrators.
- Automate M365 tenant setup, Office 365 admin tasks, and Azure AD/Exchange Online/Teams configuration.
- Generate PowerShell scripts for bulk user management, Conditional Access, license assignment, and compliance auditing.
- Includes workflows for tenant setup, security hardening, user lifecycle (onboarding/offboarding), and best practices.
- Reference guides and troubleshooting resources provided.
- Details prerequisites and required permissions for operation.
Frequently Asked Questions
What is Ms365 Tenant Manager?
Microsoft 365 tenant administration for Global Administrators. Automate M365 tenant setup, Office 365 admin tasks, Azure AD user management, Exchange Online... It is an AI Agent Skill for Claude Code / OpenClaw, with 1291 downloads so far.
How do I install Ms365 Tenant Manager?
Run "/install ms365-tenant-manager" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Ms365 Tenant Manager free?
Yes, Ms365 Tenant Manager is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Ms365 Tenant Manager support?
Ms365 Tenant Manager is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created Ms365 Tenant Manager?
It is built and maintained by Alireza Rezvani (@alirezarezvani); the current version is v2.1.1.