Downloads: 448
Stars: 0
Active Installs: 1
Versions: 1
Install in OpenClaw
/install openclaw-msgraph
Description
Read and manage Microsoft Outlook email (inbox, folders, move messages) and Outlook calendar (list events, create events) via Microsoft Graph API. Use when t...
Usage Guidance
What to check before installing/using this skill:
1) Protect tokens: The skill stores access and refresh tokens at ~/.openclaw/msgraph-tokens.json. Treat that file as sensitive (chmod 600 is used by the scripts). Do not run auth.py token in environments where console output or logs are shared, because it prints the raw access token.
2) Docs vs code mismatch: The README/SETUP.md sometimes reference CLIENT_ID uppercase while auth.py reads 'client_id' (lowercase). Ensure your config.ini uses the key names the script expects (check config.example.ini) or fix the mismatch before authenticating.
3) Agent safety: auth.py calls sys.exit() on auth errors (and can raise KeyError at import if config keys are missing). If you plan to call these scripts from a long‑running agent process, be aware an auth error could terminate the process. Consider running these scripts as subprocesses or modifying the code to raise exceptions instead of exiting.
4) Sensitive data in LLM prompts: Example code shows building prompts containing email subjects, senders, and (in other helpers) stripped bodies to send to third‑party LLMs. Be cautious — sending inbox content to external LLM providers may leak private data. Review and sanitize any content before forwarding it.
5) Verify redirect URI/port: Setup docs have inconsistent redirect URI examples (a small mismatch between pages and the default port 8765). Make sure Azure app redirect URIs match the REDIRECT_PORT in your config.ini.
6) Audit before use: The code uses only Microsoft endpoints and local HTTP redirects for PKCE, and there are no suspicious external endpoints, but review the scripts (auth.py, graph_api.py, mail.py, cal.py) in your environment before granting access to avoid accidental leaks. If you need higher assurance, run the included tests locally and consider changing sys.exit() behavior to exceptions.
Capability Analysis
Type: OpenClaw Skill
Name: openclaw-msgraph
Version: 1.0.0
The skill is classified as suspicious due to a vulnerability in how it constructs API request URLs. The `graph_api.py` module directly concatenates user-controlled identifiers (like `message_id`, `event_id`, `folder_id`, `calendar_id`) from `mail.py` and `cal.py` into the URL path without explicit sanitization or validation. While these IDs are typically opaque strings from the Microsoft Graph API, a lack of input validation could allow an attacker to inject path traversal sequences (e.g., `../`) or other malicious strings if they can manipulate the agent's input, potentially leading to unintended API calls or API path traversal on the Microsoft Graph endpoint. There is no evidence of intentional malicious behavior, data exfiltration to unauthorized endpoints, or prompt injection attempts within the `SKILL.md` itself.
Capability Assessment
Purpose & Capability
Name/description match the included scripts: auth.py, mail.py, cal.py, and graph_api.py provide Microsoft Graph access for mail and calendar. No unrelated services, binaries, or credentials are requested. The files and claimed capabilities (list/read/move email, list/create events) are consistent with the stated purpose.
Instruction Scope
SKILL.md and the included examples instruct running the included scripts and storing tokens at ~/.openclaw/msgraph-tokens.json, which is expected. However, there are multiple runtime behaviors to watch: (1) There is a documented command that prints the current access token (python scripts/auth.py token) — exposing the token in logs/console could leak access. (2) Example code (examples/llm_integration.py) explicitly formats email/calendar content for LLM prompts and demonstrates sending that data to third‑party LLMs — this is a data‑exfiltration vector if used without care. (3) auth.get_access_token() and some command paths call sys.exit() on errors (e.g., not authenticated or refresh failure); if these scripts are invoked inside a long‑running agent process the script's exit behavior could terminate the process unexpectedly. The SKILL.md does not warn about these consequences.
Install Mechanism
No install spec — instruction-only skill with bundled Python scripts. No remote downloads, package installs, or archive extraction are present. This is lower-risk from an install-mechanism perspective.
Credentials
The skill declares no required environment variables or primary credential. It does require a local config.ini (client_id, tenant, scopes, redirect_port) and stores OAuth tokens under ~/.openclaw/msgraph-tokens.json. That is proportionate for an OAuth-based Graph integration. However, the registry/docs have inconsistencies about config key casing (README/SETUP.md sometimes reference CLIENT_ID uppercase; auth.py reads cfg['client_id'] lowercase). That mismatch can cause runtime failures (KeyError) and is a coherence issue to resolve before use.
Persistence & Privilege
The skill persists OAuth tokens to ~/.openclaw/msgraph-tokens.json (mode 0600) and auto-refreshes tokens, which is expected for a Graph client. always:false is set, so the skill is not forced into every agent run. Still, persistent long‑lived refresh tokens are sensitive: users should protect the token file and understand how to revoke access (docs provide instructions).
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install openclaw-msgraph
- After installation, invoke the skill by name or use /openclaw-msgraph
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release: Outlook email and calendar management via Microsoft Graph API with PKCE auth. 114 tests, 82% coverage.
Frequently Asked Questions
What is OpenCloutlook?
Read and manage Microsoft Outlook email (inbox, folders, move messages) and Outlook calendar (list events, create events) via Microsoft Graph API. Use when t... It is an AI Agent Skill for Claude Code / OpenClaw, with 448 downloads so far.
How do I install OpenCloutlook?
Run "/install openclaw-msgraph" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is OpenCloutlook free?
Yes, OpenCloutlook is completely free (open-source). You can download, install and use it at no cost.
Which platforms does OpenCloutlook support?
OpenCloutlook is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created OpenCloutlook?
It is built and maintained by Jon (@jrskerrett); the current version is v1.0.0.