
Outlook

by jotamed · GitHub ↗ · v1.3.0
cross-platform ⚠ suspicious
Downloads: 10967
Stars: 20
Active Installs: 99
Versions: 1
Install in OpenClaw
/install outlook
Description
Read, search, and manage Outlook emails and calendar via Microsoft Graph API. Use when the user asks about emails, inbox, Outlook, Microsoft mail, calendar events, or scheduling.
Usage Guidance
Install only if you are comfortable letting the agent read and modify Outlook mail, send messages as you, and change calendar events. Treat ~/.outlook-mcp as sensitive credential storage, avoid using the token-printing command unless necessary, review every send/delete/bulk/calendar-change action, and do not download attachments with suspicious names or to sensitive directories until the download path handling is fixed.
Capability Analysis
Type: OpenClaw Skill
Name: outlook
Version: 1.3.0

The skill is classified as suspicious due to a path traversal vulnerability in the `scripts/outlook-mail.sh` file, specifically within the `download` command. This vulnerability allows an attacker to write email attachment content to arbitrary file paths on the agent's filesystem by crafting a malicious attachment name (e.g., `../../.bashrc`). While not clear evidence of intentional malicious behavior by the skill developer, this flaw provides a powerful primitive for a malicious prompt to exploit, potentially leading to persistence or arbitrary code execution.

Additionally, the skill requests broad permissions (Mail.ReadWrite, Mail.Send, Calendars.ReadWrite) which, while aligned with its stated purpose, represent high-risk capabilities.
Capability Assessment
Purpose & Capability
Reading, searching, sending, moving, deleting, and scheduling through Microsoft Graph matches the stated Outlook-management purpose, but these are high-impact account capabilities.
Instruction Scope
The documented commands include sending/replying/forwarding email, deleting or moving mail, bulk delete, folder deletion, and calendar create/update/delete with no built-in confirmation or dry-run guard.
Install Mechanism
Setup is disclosed in the skill documentation and uses Azure CLI plus jq to create an Azure app registration, add Microsoft Graph permissions, and save local configuration.
Credentials
Microsoft Graph access is expected, but the attachment download command writes decoded attachment content to a caller-supplied path using the remote attachment name without path normalization, allowing path traversal or unintended overwrite under the user's filesystem permissions.
Persistence & Privilege
The skill stores a client secret, access token, and refresh token in ~/.outlook-mcp with chmod 600 and exposes a command that prints the raw access token; this is disclosed but sensitive given Mail.ReadWrite, Mail.Send, Calendars.ReadWrite, and offline_access.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install outlook
  3. After installation, invoke the skill by name or use /outlook
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.3.0
Added calendar support (view/create/update/delete events, check availability)
Metadata
Slug: outlook
Version: 1.3.0
License
All-time Installs: 370
Active Installs: 99
Total Versions: 1
Frequently Asked Questions

What is Outlook?

Read, search, and manage Outlook emails and calendar via Microsoft Graph API. Use when the user asks about emails, inbox, Outlook, Microsoft mail, calendar events, or scheduling. It is an AI Agent Skill for Claude Code / OpenClaw, with 10967 downloads so far.

How do I install Outlook?

Run "/install outlook" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Outlook free?

Yes, Outlook is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Outlook support?

Outlook is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Outlook?

It is built and maintained by jotamed (@jotamed); the current version is v1.3.0.
