← Back to Skills Marketplace
mattiacirillo

Openclaw Intune Skill

by Mattia Cirillo · GitHub ↗ · v1.0.1
cross-platform ⚠ suspicious
587
Downloads
0
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install openclaw-intune-skill
Description
A comprehensive skill enabling OpenClaw agents to fully manage Microsoft Intune via the Graph API. Covers devices, apps, policies, compliance, users, groups,...
Usage Guidance
This skill appears to be what it claims — a full Intune Graph API instruction set — but the published metadata incorrectly omits the required Azure credentials. Before installing: (1) do not provide high-privilege client secrets into a skill without verifying provenance — confirm the author and repository (kaffeeundcode.com) and ideally review SKILL.md yourself; (2) prefer using an App Registration with least-privilege Graph application permissions and consider certificate-based auth or managed identity rather than a long-lived client secret; (3) test in a non-production tenant first (use a test tenant or sandbox); (4) verify that your OpenClaw deployment will prompt you for INTUNE_TENANT_ID/CLIENT_ID/CLIENT_SECRET rather than silently reading them from an unexpected place; (5) be aware the skill can perform destructive actions (wipe/retire/delete) — ensure confirmations are enforced and consider restricting the agent's ability to run destructive flows automatically. If you cannot confirm the metadata/credential mismatch or author identity, do not install in a production environment.
Capability Analysis
Type: OpenClaw Skill Name: openclaw-intune-skill Version: 1.0.1 The skill provides extremely broad and powerful capabilities for 'complete management' of Microsoft Intune, requiring extensive Graph API permissions (e.g., `ReadWrite.All` for devices, apps, policies, groups). While the `SKILL.md` includes explicit and robust safety instructions for the AI agent, requiring confirmation for all modifying/destructive actions and double-confirmation for critical operations like 'Wipe Device', the nature of an AI agent executing markdown instructions means these safety rules could potentially be bypassed by a sophisticated prompt injection attack from an external user. This combination of high-privilege capabilities and the inherent vulnerability of prompt-following agents, despite the developer's intent for safety, classifies it as suspicious.
Capability Assessment
Purpose & Capability
The skill claims full Microsoft Intune management and its SKILL.md requires an Azure AD app (tenant id, client id, client secret) and Graph application permissions that are appropriate for that purpose. However, the registry metadata lists no required environment variables or primary credential, which is inconsistent with the SKILL.md and may mislead installers.
Instruction Scope
The SKILL.md contains explicit API endpoints, OAuth token flow, and safety rules (double confirmation for wipes/retire/delete, formatting of output, error handling). It does not instruct the agent to read unrelated files, call unknown external endpoints, or exfiltrate data beyond Graph API calls. Destructive actions are allowed but require confirmations per the instructions.
Install Mechanism
This is an instruction-only skill with no install spec and no code to write to disk — low install risk. The README provides a simple copy-to-workspace installation step.
Credentials
The SKILL.md legitimately requires INTUNE_TENANT_ID, INTUNE_CLIENT_ID, and INTUNE_CLIENT_SECRET and lists broad Microsoft Graph application permissions (Directory.Read.All, Group.ReadWrite.All, DeviceManagement*.ReadWrite.All, etc.). Those are high-privilege secrets and permissions but are proportionate to full Intune management. The concern is the mismatch with the registry metadata (which lists no required env vars/primary credential), increasing the chance that the user or platform will not surface or secure these credentials correctly. Also consider requiring certificate-based credentials or managed identities instead of long-lived client secrets.
Persistence & Privilege
The skill does not request always:true, has no OS restrictions, and is user-invocable. It does not ask to modify other skills or system-wide settings. Autonomous invocation is allowed (platform default) but not excessive here.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install openclaw-intune-skill
  3. After installation, invoke the skill by name or use /openclaw-intune-skill
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
Added required environment variable declarations (INTUNE_TENANT_ID, INTUNE_CLIENT_ID, INTUNE_CLIENT_SECRET) to fix security flag. Added homepage link.
v1.0.0
Initial release: Enables comprehensive Microsoft Intune management via Graph API. - Complete coverage for device, app, policy, compliance, user, group, reporting, Autopilot, PowerShell script management, and all remote device actions. - Detailed authentication requirements and guidance, including OAuth 2.0 flow and required permissions. - Strict safety and confirmation protocols for sensitive actions (e.g., wipe, retire, delete, policy changes). - Clear instructions for presenting data in readable formats with error-handling in simple German. - Organized API endpoint references for all major Intune management scenarios.
Metadata
Slug openclaw-intune-skill
Version 1.0.1
License
All-time Installs 0
Active Installs 0
Total Versions 2
Frequently Asked Questions

What is Openclaw Intune Skill?

A comprehensive skill enabling OpenClaw agents to fully manage Microsoft Intune via the Graph API. Covers devices, apps, policies, compliance, users, groups,... It is an AI Agent Skill for Claude Code / OpenClaw, with 587 downloads so far.

How do I install Openclaw Intune Skill?

Run "/install openclaw-intune-skill" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Openclaw Intune Skill free?

Yes, Openclaw Intune Skill is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Openclaw Intune Skill support?

Openclaw Intune Skill is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Openclaw Intune Skill?

It is built and maintained by Mattia Cirillo (@mattiacirillo); the current version is v1.0.1.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463815 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259802 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200680 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191345 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190333 · by oswalpalash

💬 Comments