- Downloads: 3011
- Stars: 4
- Active Installs: 12
- Versions: 1
Install in OpenClaw
/install mcp-microsoft365
Description
Integrate Microsoft 365 to manage Outlook email, calendar events, OneDrive files, Tasks, Teams chats, and user profiles via Microsoft Graph and MCP protocol.
Usage Guidance
This skill implements a full Microsoft 365 integration and needs tenant-level Azure app credentials (TENANT_ID, CLIENT_ID, CLIENT_SECRET) and admin-consented application permissions. Before installing:

1) Don't trust the registry metadata alone: it fails to list the required secrets. Verify SKILL.md and the code.
2) Only install if you trust the author and you understand the privileges you will grant. The requested permissions give tenant-wide read/write access to mail, files, Teams, and users.
3) Prefer creating a dedicated least-privilege Azure app (grant only the exact permissions you need), use a test or limited tenant, and avoid granting Mail.Send or Files.ReadWrite.All unless absolutely necessary.
4) Rotate and store the client secret securely; do not reuse high-privilege credentials.
5) If you must run in production, consider restricting the app (permission scoping, conditional access) and review the source code yourself (it only calls Microsoft identity and Graph endpoints).
6) Be aware that the agent may invoke the skill autonomously; combine that with strong controls and monitoring (audit logs, limited service account) to reduce risk.
Capability Analysis
Type: OpenClaw Skill
Name: mcp-microsoft365
Version: 1.0.0
The skill is classified as suspicious due to the extremely broad Microsoft Graph API permissions it requests and utilizes, such as `Files.Read.All`, `Mail.Read.All`, `Chat.Read.All`, and `User.Read.All`. While these permissions are explicitly documented in `SKILL.md` and `README.md` as requirements for 'full Microsoft 365 integration' and the `src/index.ts` code only interacts with legitimate Microsoft endpoints (Azure AD for authentication, Microsoft Graph for API calls), the inherent capability to access and potentially exfiltrate a vast amount of sensitive organizational data (all files, emails, chats, and user profiles across the organization) represents a significant risk if the skill or the underlying Azure application credentials were ever compromised or misused. There is no evidence of intentional malicious behavior in the code itself, but the broad permissions elevate it beyond benign.
Capability Assessment
Purpose & Capability
The name, README, SKILL.md and src/index.ts all implement a Microsoft 365 MCP server (Graph API calls for mail, calendar, OneDrive, Teams, users). That is internally consistent with the stated purpose. However the registry metadata lists no required environment variables or primary credential while both SKILL.md and src/index.ts clearly require TENANT_ID, CLIENT_ID, CLIENT_SECRET (and optionally DEFAULT_USER). The metadata omission is an incoherence that hides the need for sensitive credentials.
Instruction Scope
SKILL.md gives precise setup steps (create Azure Entra app, grant admin consent for many Application permissions, store client secret in env, add mcporter config). The instructions do not attempt to read arbitrary local files or call unexpected endpoints — the code only calls Microsoft identity and Graph endpoints. But the instructions explicitly require admin consent and a wide set of application permissions, which is scope-expanding and high-risk for tenant-wide access. Also the runtime instructions reference environment variables that the registry metadata did not declare.
Install Mechanism
No remote download/extract install spec. This is an instruction/code bundle using standard npm dependencies (@modelcontextprotocol/sdk and dotenv). There are no URLs to arbitrary servers or obfuscated installers in the repo. Building and running is via tsc/npm which is normal.
Credentials
The skill requires tenant-level Graph application credentials (client id/secret/tenant) and SKILL.md asks for admin consent to Application permissions including Mail.ReadWrite, Files.ReadWrite.All, Chat.ReadWrite.All, User.Read.All, etc. These permissions permit read/write access across the entire tenant (emails, files, Teams chats, send-as capabilities). The number and scope of secrets is appropriate for the implemented functionality, but the privileges requested are broad and powerful — greater than a per-user least-privilege integration. Additionally, the package registry metadata did not declare these env vars/credentials, reducing transparency.
Persistence & Privilege
always is false (good), and disable-model-invocation is false (default). However because the skill operates with tenant-level credentials (admin-consented application permissions), allowing the agent to invoke this skill autonomously increases the blast radius — the agent could perform organization-wide actions (read mail/files, send mail, access chats) without further user interaction. This combination (autonomous invocation + tenant-wide creds) is high risk even though autonomy by itself is normal.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install mcp-microsoft365
- After installation, invoke the skill by name or use /mcp-microsoft365
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release - 19 tools for Microsoft 365:
- Outlook (mail)
- Calendar
- OneDrive
- Tasks (To-Do)
- Teams
- Users
Frequently Asked Questions
What is Microsoft 365 MCP Server?
Integrate Microsoft 365 to manage Outlook email, calendar events, OneDrive files, Tasks, Teams chats, and user profiles via Microsoft Graph and MCP protocol. It is an AI Agent Skill for Claude Code / OpenClaw, with 3011 downloads so far.
How do I install Microsoft 365 MCP Server?
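Run "/install mcp-microsoft365" in the OpenClaw or Claude Code chat to install it in one step. The install command itself needs no extra setup, but the skill requires TENANT_ID, CLIENT_ID and CLIENT_SECRET to be configured, as described under Usage Guidance.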
Is Microsoft 365 MCP Server free?
Yes, Microsoft 365 MCP Server is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Microsoft 365 MCP Server support?
Microsoft 365 MCP Server is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created Microsoft 365 MCP Server?
It is built and maintained by makhatib (@makhatib); the current version is v1.0.0.