danielithomas

OfficeClaw

by Daniel Thomas · GitHub ↗ · v1.0.4 · MIT-0
darwin · linux · win32 ✓ Security Clean
Downloads 893
Stars 2
Active Installs 4
Versions 5
Install in OpenClaw
/install officeclaw
Description
Connect to personal Microsoft accounts via Microsoft Graph API to manage email, calendar events, and tasks. Use this skill when the user needs to read/write...
Usage Guidance
This skill appears coherent and implements a typical Microsoft Graph CLI workflow, but be aware: (1) the registry entry is instruction-only — the actual code runs from the officeclaw PyPI package, so inspect the package (or its GitHub repo) before installing; (2) prefer creating your own Azure app registration and setting OFFICECLAW_CLIENT_ID rather than using any default app; (3) follow least-privilege advice when granting permissions and keep write/send/delete features disabled unless needed; (4) if you enable sending, configure OFFICECLAW_ALLOWED_RECIPIENTS to limit who the agent can message; and (5) verify the permissions on the token cache (~/.officeclaw/token_cache.json) and review the installed package for unexpected network calls or behaviors.
Capability Analysis
Type: OpenClaw Skill
Name: officeclaw
Version: 1.0.4
The officeclaw skill provides a legitimate integration with Microsoft Graph API for managing emails, calendars, and tasks. The documentation (SKILL.md) outlines clear security practices, including capability gates for write operations (disabled by default), a recipient allowlist for outbound emails, and secure local token storage. The instructions provided to the agent emphasize user confirmation for destructive actions and privacy respect, showing no signs of malicious intent or prompt injection attacks.
Capability Assessment
Purpose & Capability
The name/description match the requested resources: network access to graph.microsoft.com, a Python/CLI client, and one-time OAuth device-code setup. Required binaries (python/officeclaw) and the documented env vars (OFFICECLAW_CLIENT_ID, optional feature gates and allowlist) are appropriate for a Graph API client.
Instruction Scope
SKILL.md confines actions to installing the officeclaw package, performing device-code OAuth, and running CLI commands to read/write mail, calendar, and tasks. It documents where tokens are stored (~/.officeclaw/token_cache.json) and explicitly recommends least-privilege scopes and an allowlist for sending — all within the expected scope.
Install Mechanism
The skill is instruction-only (no install spec in the registry) and instructs users to pip install officeclaw from PyPI. Installing a third-party PyPI package is a normal approach but carries the usual supply-chain risk; the registry bundle itself does not contain executable code.
Credentials
No unrelated credentials are requested. The env vars referenced (OFFICECLAW_CLIENT_ID, feature gates, and allowed recipients) directly map to OAuth and safety controls for mailing operations. Token storage in the user's home directory is typical for a CLI OAuth flow.
Persistence & Privilege
The skill is not set to always:true, is user-invocable, and stores its own tokens under ~/.officeclaw — behavior consistent with a user-authorized CLI client. It does not request system-wide or other skills' configuration access.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install officeclaw
  3. After installation, invoke the skill by name or use /officeclaw
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.4
feat(security): Recipient allowlist (OFFICECLAW_ALLOWED_RECIPIENTS) — restrict outbound email to configured addresses. Blocked attempts logged + alert file for monitoring. Runtime warning when sending enabled without allowlist. Critical for AI agent deployments.
v1.0.3
Add --html flag to mail send for HTML email bodies
v1.0.2
Capability gates (send/delete disabled by default), default public client ID (zero-config setup), least-privilege permissions guidance, synced docs
v1.0.1
Fix security warnings: declare env vars, add install instructions, document device code flow setup
v1.0.0
Initial release of officeclaw.
  - Connects to personal Microsoft accounts via Microsoft Graph API.
  - Manage Outlook mail: read, send, archive, and delete emails.
  - Manage calendar: view, create, update, and delete events.
  - Handle Microsoft To Do tasks: list, create, complete, and reopen tasks.
  - Includes detailed setup instructions, command examples, error handling, and agent guidelines.
  - Supports JSON output for structured parsing and automation.
Metadata
Slug officeclaw
Version 1.0.4
License MIT-0
All-time Installs 4
Active Installs 4
Total Versions 5
Frequently Asked Questions

What is OfficeClaw?

Connect to personal Microsoft accounts via Microsoft Graph API to manage email, calendar events, and tasks. Use this skill when the user needs to read/write... It is an AI Agent Skill for Claude Code / OpenClaw, with 893 downloads so far.

How do I install OfficeClaw?

Run "/install officeclaw" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is OfficeClaw free?

Yes, OfficeClaw is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does OfficeClaw support?

OfficeClaw is cross-platform and runs anywhere OpenClaw / Claude Code is available (darwin, linux, win32).

Who created OfficeClaw?

It is built and maintained by Daniel Thomas (@danielithomas); the current version is v1.0.4.
