← Back to Skills Marketplace
eggyrooch-blip

User Provision

by eggyrooch-blip · GitHub ↗ · v0.5.0 · MIT-0
cross-platform ⚠ suspicious
81
Downloads
0
Stars
0
Active Installs
5
Versions
Install in OpenClaw
/install user-provision
Description
在 Office 365(世纪互联)与 Adobe Creative Cloud 批量或单人开户——自动授权、重置密码、发通知邮件。两侧相互独立,用户可选一个或两个。USE WHEN 新增用户, 开户, 新员工开账号, 建账号, 批量开户, provision user, 加 office, 加 adobe, 给...
Usage Guidance
This skill will run a third‑party Python CLI (cloning https://github.com/eggyrooch-blip/office365-tools), install packages, and requires many sensitive secrets (Entra/Adobe service creds and SMTP passwords). Before installing: 1) Confirm the registry metadata be updated to list the required env vars and permissions; the current omission is a red flag. 2) Review the GitHub repo source yourself (or have security review it) to ensure no unexpected behavior, hardcoded exfil endpoints, or privilege escalation. 3) Use least‑privilege credentials (service principals scoped only to needed Graph API scopes) and consider short‑lived or scoped secrets; do not reuse high‑privilege admin secrets. 4) Run first in an isolated/test tenant or sandbox. 5) Prefer storing SMTP/secret values in a secrets manager rather than plaintext .env if possible. If you cannot review the repo or obtain corrected metadata, treat this skill as risky and avoid giving it production credentials or enabling unattended/autonomous invocation.
Capability Analysis
Type: OpenClaw Skill Name: user-provision Version: 0.5.0 The skill facilitates user provisioning for Office 365 and Adobe CC but introduces significant supply chain risk by requiring the agent to clone and execute code from an external GitHub repository (eggyrooch-blip/office365-tools). It instructs the agent to store highly sensitive credentials, including Entra App secrets, Adobe API secrets, and SMTP passwords, in a local .env file within that cloned repository. While the instructions include some defensive guidelines (e.g., not logging passwords), the pattern of fetching external code to handle broad administrative permissions (User.ReadWrite.All) is a high-risk behavior that could lead to credential exfiltration or unauthorized execution if the remote repository is compromised or malicious.
Capability Tags
requires-oauth-tokenrequires-sensitive-credentials
Capability Assessment
Purpose & Capability
The described purpose (provisioning O365 世纪互联 and Adobe UMAPI users) matches the actions in SKILL.md (creating accounts, assigning licenses, sending notification email). However the registry metadata declared no required env vars or credentials while the SKILL.md explicitly requires many sensitive environment variables (Entra CLIENT_ID/CLIENT_SECRET, ADOBE_CLIENT_SECRET, SMTP_PASSWORD, etc.). That metadata/instruction mismatch is a significant incoherence.
Instruction Scope
SKILL.md instructs the agent to git clone a third‑party repo, create a .env with secrets, pip install requirements, and run python CLI commands that will call Microsoft/Adobe APIs and send SMTP emails. Those runtime steps are within the stated provisioning purpose, but they require executing external code and accessing many secrets and local paths (repo state files, working dir). The instructions also grant broad discretion to 'check the repo' for implementation details, which increases the agent's freedom to read/execute repository contents.
Install Mechanism
There is no formal install spec, but SKILL.md requires cloning and running a GitHub repository (https://github.com/eggyrooch-blip/office365-tools) and pip installing its requirements. Pulling and executing unreviewed code from a third‑party GitHub repo is higher risk than instruction-only behavior; while GitHub is a normal host, the repo is not a recognized official vendor and will write files to disk and install Python packages.
Credentials
The environment variables and secrets requested in SKILL.md are proportional to the task (service principals for Entra, Adobe credentials, SMTP creds). However the registry metadata claimed no required env/primary credential—this omission is inconsistent and reduces transparency. Requiring high‑privilege Graph API permissions (User.ReadWrite.All, LicenseAssignment.ReadWrite.All) is expected for provisioning but requires careful least‑privilege configuration and audit.
Persistence & Privilege
always:false and normal autonomous invocation settings are used (no forced always-on). The skill expects to clone a repo and create local state (.env, state/adobe_state.json), which is typical for a CLI-based workflow but means the agent will write persistent files. This is acceptable for the stated task but increases the surface if combined with the other concerns above.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install user-provision
  3. After installation, invoke the skill by name or use /user-provision
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.5.0
加 GitHub 仓库指引:https://github.com/eggyrooch-blip/office365-tools
v0.4.0
env 模板内联到 skill.md(ClawHub 只发布 skill.md)
v0.3.0
env.example 随包发布(ClawHub 过滤 dotfile,改名无点)
v0.2.0
frontmatter 显式声明 required_env / optional_env / requires,加 Prerequisites 段;CLI adobe create 默认 adobeID(邀请模式)
v0.1.0
初版:Office 365(世纪互联)+ Adobe CC 新员工开账号,自动授权(Adobe 默认 All Apps)+ SMTP 通知邮件
Metadata
Slug user-provision
Version 0.5.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 5
Frequently Asked Questions

What is User Provision?

在 Office 365(世纪互联)与 Adobe Creative Cloud 批量或单人开户——自动授权、重置密码、发通知邮件。两侧相互独立,用户可选一个或两个。USE WHEN 新增用户, 开户, 新员工开账号, 建账号, 批量开户, provision user, 加 office, 加 adobe, 给... It is an AI Agent Skill for Claude Code / OpenClaw, with 81 downloads so far.

How do I install User Provision?

Run "/install user-provision" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is User Provision free?

Yes, User Provision is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does User Provision support?

User Provision is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created User Provision?

It is built and maintained by eggyrooch-blip (@eggyrooch-blip); the current version is v0.5.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments