← 返回 Skills 市场
M365 Spam Manager
作者
Thomas J. Radman
· GitHub ↗
· v0.1.2
614
总下载
0
收藏
2
当前安装
2
版本数
在 OpenClaw 中安装
/install m365-spam-manager
功能描述
Manages Microsoft 365 junk mail by analyzing spam patterns, scoring suspicious emails, and assisting with review or automatic cleanup of Outlook/Exchange spa...
使用说明 (SKILL.md)
M365 Spam Manager (Microsoft Graph)
Installation
Requires Node.js + npm install in the skill folder:
cd skills/m365-spam-manager
npm install
Setup
Uses the same profile/credentials as m365-mailbox. Ensure you have a profile configured:
node skills/m365-mailbox/scripts/setup.mjs --profile tom-business ...
Usage
Review mode (default) — user must approve each action
# Analyze junk folder and show suspicious scores (review mode - default)
node skills/m365-spam-manager/scripts/analyze.mjs --profile tom-business-mail --mailbox [email protected]
# Move a false positive to inbox (requires confirmation)
node skills/m365-spam-manager/scripts/move-to-inbox.mjs --profile tom-business-mail --mailbox [email protected] --id \x3CMSG_ID>
# Move confirmed spam to learning folder
node skills/m365-spam-manager/scripts/move-to-learning.mjs --profile tom-business-mail --mailbox [email protected] --id \x3CMSG_ID>
Automatic mode (no confirmation)
# Auto-clean: move high-confidence spam to learning, medium to review
node skills/m365-spam-manager/scripts/auto-clean.mjs --profile tom-business-mail --mailbox [email protected] --threshold 80
Suspicious Score Calculation
The analyzer calculates a score (0-100) based on:
| Pattern | Points | Description |
|---|---|---|
| No unsubscribe link | +20 | Legitimate marketing must have one |
| Suspicious sender domain | +15 | Free email, misspellings, random strings |
| All caps subject | +10 | Spam often shouts |
| Excessive punctuation | +10 | !!!, ???, $$$ |
| Suspicious keywords | +15 | crypto, win, free, urgent, verify, bank, password, ... |
| Mismatched language | +10 | Subject in DE, body EN or vice versa |
| Known scam patterns | +25 | "Attention - suspected SPAM", fake invoices |
| Free email provider | +10 | gmail, yahoo, hotmail in From (not Reply-To) |
| No DKIM/SPF indication | +5 | Graph doesn't show auth results |
Score thresholds
- 0-30: Low suspicion — likely legitimate
- 31-70: Medium — review recommended
- 71-100: High — almost certainly spam
Policy
This skill respects the same policy as m365-mailbox:
read: autonomous (analyze, list)move: controlled (move to inbox/learning folder)
In review mode, the script always prompts for confirmation before moving emails.
安全使用建议
This skill appears to implement what it claims (reading junk mail, scoring, labeling/moving messages via Microsoft Graph) but has a few inconsistencies you should handle before installing:
- The skill expects an m365-mailbox profile and token cache under ~/.openclaw/secrets/m365-mailbox (clientId/tenant and token cache). The skill metadata does not declare these config paths — verify those files exist and inspect them before use.
- The scripts will read and may write the token cache file. Make a backup of your token cache/profile before running and ensure you trust the author.
- Confirm the Graph permissions requested (Mail.Read, Mail.ReadWrite) are appropriate for your use case. Prefer running in review/dry-run mode first (the code supports dry runs) before enabling any automatic 'move' operations.
- The code pulls dependencies from npm. Ensure you run npm install in a controlled environment and run with a Node version compatible with @azure/msal-node (msal may require Node >=20).
- Review the included scripts yourself (they are unobfuscated) or run them in a test account. There are no hidden network endpoints besides graph.microsoft.com and npm registries, but the registry source is unknown — prefer obtaining this skill from a trusted source or verifying the full code prior to use.
If you need higher assurance, request the skill publisher's homepage or source repository, or ask for metadata updates that declare the required config paths and Node engine constraints. If you cannot inspect or verify the token/profile files, treat the skill as untrusted for production mailboxes.
功能分析
Type: OpenClaw Skill
Name: m365-spam-manager
Version: 0.1.2
The OpenClaw AgentSkills skill bundle 'm365-spam-manager' is classified as benign. Its purpose is to analyze and manage Microsoft 365 spam, which it achieves by interacting with the Microsoft Graph API. The skill uses appropriate `Mail.Read` and `Mail.ReadWrite` permissions for its stated functions (reading, categorizing, and moving emails). Credential handling is secure, storing tokens and configuration in the expected `~/.openclaw/secrets/m365-mailbox` directory, and command-line arguments are properly sanitized (e.g., `encodeURIComponent` for URL parameters in `scripts/_graph.mjs`, `scripts/analyze.mjs`, `scripts/move-to-inbox.mjs`, `scripts/move-to-learning.mjs`). There is no evidence of malicious intent, data exfiltration to unauthorized endpoints, persistence mechanisms, or prompt injection attempts in `SKILL.md`.
能力评估
Purpose & Capability
The name/description (M365 spam manager) align with the code: scripts use Microsoft Graph to read and label/move mail, create categories, and compute spam scores. The dependency (@azure/msal-node) is expected. However the skill depends on an external profile/token cache created by a separate 'm365-mailbox' setup (profile files under ~/.openclaw/secrets/m365-mailbox). The skill's registry metadata declared no config paths / credentials, which is inconsistent with the code that requires those profile and token cache files.
Instruction Scope
SKILL.md instructs running npm install and using an m365-mailbox profile; the runtime scripts read and (in MSAL's afterCacheAccess) may write the token cache file under the user's home (~/.openclaw/secrets/m365-mailbox). Scripts also create mailbox categories and folders and call Graph endpoints. There are no other external endpoints or obfuscated network calls. The concern is the instructions/code assume and access local secrets/config files that are not declared in metadata and that the README does not fully surface (token caches, exact path, required Node version).
Install Mechanism
There is no registry install spec; SKILL.md asks the user to run npm install in the skill folder. Dependencies come from npm (package-lock.json lists @azure/msal-node and other normal libs) — this is standard. Note: msal's package metadata indicates newer Node engine requirements (msal-node lists node >=20), while SKILL.md just says 'Node.js + npm', which could cause runtime issues if node version is older.
Credentials
The skill requests no environment variables in registry metadata, but the code requires access to profile configuration and token cache files in ~/.openclaw/secrets/m365-mailbox (reads cfg to get clientId and tenant, reads and may overwrite token cache). Those files contain sensitive authentication data / tokens. It's reasonable for a Graph mailbox tool to need mailbox tokens, but the metadata should declare these config-path requirements. The skill also requires Mail.Read or Mail.ReadWrite Graph scopes depending on the script — that matches functionality but should be highlighted to users.
Persistence & Privilege
The skill is not always: true and does not request system-wide persistent privilege. It can write to its own token cache file via MSAL (typical) and it will create categories/folders in the mailbox (expected). It does not modify other skills or system config. Autonomous invocation is allowed (default), which increases blast radius but is normal for skills; combine with other flags before granting broad trust.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install m365-spam-manager - 安装完成后,直接呼叫该 Skill 的名称或使用
/m365-spam-manager触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.2
Major scoring improvement: known spammers (Temu, Lowes, kaballeros) now auto-score 90+, plus suspicious TLDs, free email providers, urgency/money/scam keywords, legit company check to reduce false positives.
v0.1.0
Initial release: analyze junk folder, calculate suspicious score (0-100) based on patterns (no unsubscribe, free email, scam keywords, language mismatch, etc.), move false positives to inbox, move confirmed spam to learning folder (Junk Examples). Review mode default.
元数据
常见问题
M365 Spam Manager 是什么?
Manages Microsoft 365 junk mail by analyzing spam patterns, scoring suspicious emails, and assisting with review or automatic cleanup of Outlook/Exchange spa... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 614 次。
如何安装 M365 Spam Manager?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install m365-spam-manager」即可一键安装,无需额外配置。
M365 Spam Manager 是免费的吗?
是的,M365 Spam Manager 完全免费(开源免费),可自由下载、安装和使用。
M365 Spam Manager 支持哪些平台?
M365 Spam Manager 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 M365 Spam Manager?
由 Thomas J. Radman(@tradmangh)开发并维护,当前版本 v0.1.2。
推荐 Skills