← Back to Skills Marketplace
87marc

Outlook Delegate

by 87Marc · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
715
Downloads
0
Stars
2
Active Installs
1
Versions
Install in OpenClaw
/install outlook-skill-clawhub
Description
Read, search, and manage Outlook emails and calendar via Microsoft Graph API with delegate support. Your AI assistant authenticates as itself but accesses the owner's mailbox/calendar as a delegate. Modified for delegate access from https://clawhub.ai/jotamed/outlook
Usage Guidance
This instruction-only skill generally describes a valid delegated Graph/Exchange workflow, but proceed carefully: 1) The package contains no scripts — the SKILL.md references ./scripts/*.sh that are missing. Do not copy/paste or run scripts from unknown sources; ask the publisher for the actual implementation or inspect them before use. 2) The doc recommends storing client_secret in plaintext at ~/.outlook-mcp/config.json — prefer a secure secret store or OS-provided credential manager and minimize how long secrets/tokens are readable on disk. 3) Delegate mailbox permissions (FullAccess, SendOnBehalf) and offline_access tokens are powerful: only grant them when you trust the assistant account and have auditing/revocation procedures. 4) Because there is no homepage or published source, verify the origin of any scripts or code you add; prefer registering an Azure app in your tenant with least-privilege delegated permissions and follow Microsoft security best practices. 5) If you want to proceed, request the missing scripts or a canonical source, review their contents, and consider doing initial tests in a non-production mailbox.
Capability Analysis
Type: OpenClaw Skill Name: outlook-skill-clawhub Version: 1.0.0 The skill provides extensive delegate access to an owner's Outlook mailbox and calendar, requiring broad permissions (Mail.ReadWrite.Shared, Mail.Send.Shared, Calendars.ReadWrite.Shared). It necessitates and stores highly sensitive credentials, including `client_secret` and OAuth tokens, locally in `~/.outlook-mcp/config.json` and `~/.outlook-mcp/credentials.json`. While the `SKILL.md` documentation is transparent about these requirements and warns about protecting the credentials, the inherent power of the skill and the local storage of critical secrets represent significant security risks, classifying it as suspicious due to its high-risk capabilities rather than explicit malicious intent.
Capability Assessment
Purpose & Capability
The name/description (Outlook delegate via Microsoft Graph) align with the instructions: the docs explain delegated OAuth flows, required delegated Graph permissions, Exchange mailbox delegate commands, and use of the /users/{owner} endpoint. The skill asks for the expected credentials (client_id/client_secret) and owner/delegate emails. Minor inconsistency: registry metadata lists no required env vars/primary credential, but the SKILL.md expects a local config file containing the client_id/client_secret — this is plausible but not declared in metadata.
Instruction Scope
The SKILL.md instructs running several scripts (./scripts/outlook-token.sh, outlook-mail.sh, outlook-calendar.sh) and using a config path (~/.outlook-mcp/config.json) but the skill bundle contains no code files — those scripts are not present. That means following these instructions would require the user to create or fetch additional code from elsewhere. The doc also advises storing client_secret directly in a plaintext config file and using mail/calendar FullAccess or SendOnBehalf permissions — both are functional for the purpose but present clear security and privilege implications that the user must accept intentionally.
Install Mechanism
No install spec and no code files are present; the skill is instruction-only, so nothing is automatically downloaded or written by an installer. That lowers installer risk but means the agent cannot actually run the referenced scripts unless the user or an external source supplies them.
Credentials
Requested secrets (client_id and client_secret) are appropriate for OAuth delegated access and are proportionate to the stated functionality. However, the SKILL.md recommends storing client_secret in plaintext at ~/.outlook-mcp/config.json, and the Exchange commands require high privileges (Add-MailboxPermission, Set-Mailbox). The skill does not request unrelated credentials, but it does require the owner/admin to grant broad mailbox/calendar access — a high-privilege action that should be limited and audited.
Persistence & Privilege
always is false and the skill does not request permanent platform-level privileges. It does instruct creation of a per-user config file and use of refresh tokens (offline_access) — meaning long-lived tokens may be stored locally. Combined with FullAccess or SendOnBehalf permissions, those tokens could be used to operate on the owner's mailbox until revoked, so the persistence implications are significant even if the skill itself is not marked always:true.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install outlook-skill-clawhub
  3. After installation, invoke the skill by name or use /outlook-skill-clawhub
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Outlook Delegate Skill v1.0.0 – Adds support for AI assistants to access and manage another user's Outlook mailbox/calendar as a delegate. - Breaking: API requests now use /users/{owner} endpoints instead of /me - Added: Config fields for owner_email and delegate_email - Added: Send-on-behalf support for outgoing mail with proper "From" field - Changed: Requires .Shared permissions (Mail/Calendars) in Azure AD - Added: Detailed delegate setup, troubleshooting, and token management documentation - Based on outlook v1.3.0 by jotamed, modified for delegate scenarios
Metadata
Slug outlook-skill-clawhub
Version 1.0.0
License
All-time Installs 2
Active Installs 2
Total Versions 1
Frequently Asked Questions

What is Outlook Delegate?

Read, search, and manage Outlook emails and calendar via Microsoft Graph API with delegate support. Your AI assistant authenticates as itself but accesses the owner's mailbox/calendar as a delegate. Modified for delegate access from https://clawhub.ai/jotamed/outlook. It is an AI Agent Skill for Claude Code / OpenClaw, with 715 downloads so far.

How do I install Outlook Delegate?

Run "/install outlook-skill-clawhub" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Outlook Delegate free?

Yes, Outlook Delegate is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Outlook Delegate support?

Outlook Delegate is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Outlook Delegate?

It is built and maintained by 87Marc (@87marc); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463815 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259802 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200680 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191345 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190333 · by oswalpalash

💬 Comments