Microsoft 365 MCP Server

Author: makhatib · GitHub · v1.0.0
cross-platform ⚠ suspicious
Total downloads: 3011
Favorites: 4
Current installs: 12
Versions: 1
Install in OpenClaw
/install mcp-microsoft365
Description
Integrate Microsoft 365 to manage Outlook email, calendar events, OneDrive files, Tasks, Teams chats, and user profiles via Microsoft Graph and MCP protocol.
Security recommendations
This skill implements a full Microsoft 365 integration and needs tenant-level Azure app credentials (TENANT_ID, CLIENT_ID, CLIENT_SECRET) and admin-consented application permissions. Before installing:
  1. Don’t trust the registry metadata alone — it fails to list the required secrets; verify SKILL.md and code.
  2. Only install if you trust the author and you understand the privileges you will grant — the requested permissions give tenant-wide read/write access to mail, files, Teams, and users.
  3. Prefer creating a dedicated least-privilege Azure app (grant only the exact permissions you need), use a test or limited tenant, and avoid granting Mail.Send or Files.ReadWrite.All unless absolutely necessary.
  4. Rotate and store the client secret securely; do not reuse high-priv creds.
  5. If you must run in production, consider restricting the app (permission scoping, conditional access) and review the source code yourself (it only calls Microsoft identity and graph endpoints).
  6. Be aware that the agent may invoke the skill autonomously; combine that with strong controls and monitoring (audit logs, limited service account) to reduce risk.
Functional analysis
Type: OpenClaw Skill
Name: mcp-microsoft365
Version: 1.0.0
The skill is classified as suspicious due to the extremely broad Microsoft Graph API permissions it requests and utilizes, such as `Files.Read.All`, `Mail.Read.All`, `Chat.Read.All`, and `User.Read.All`. While these permissions are explicitly documented in `SKILL.md` and `README.md` as requirements for 'full Microsoft 365 integration' and the `src/index.ts` code only interacts with legitimate Microsoft endpoints (Azure AD for authentication, Microsoft Graph for API calls), the inherent capability to access and potentially exfiltrate a vast amount of sensitive organizational data (all files, emails, chats, and user profiles across the organization) represents a significant risk if the skill or the underlying Azure application credentials were ever compromised or misused. There is no evidence of intentional malicious behavior in the code itself, but the broad permissions elevate it beyond benign.
Capability assessment
Purpose & Capability
The name, README, SKILL.md and src/index.ts all implement a Microsoft 365 MCP server (Graph API calls for mail, calendar, OneDrive, Teams, users). That is internally consistent with the stated purpose. However the registry metadata lists no required environment variables or primary credential while both SKILL.md and src/index.ts clearly require TENANT_ID, CLIENT_ID, CLIENT_SECRET (and optionally DEFAULT_USER). The metadata omission is an incoherence that hides the need for sensitive credentials.
Instruction Scope
SKILL.md gives precise setup steps (create Azure Entra app, grant admin consent for many Application permissions, store client secret in env, add mcporter config). The instructions do not attempt to read arbitrary local files or call unexpected endpoints — the code only calls Microsoft identity and Graph endpoints. But the instructions explicitly require admin consent and a wide set of application permissions, which is scope-expanding and high-risk for tenant-wide access. Also the runtime instructions reference environment variables that the registry metadata did not declare.
Install Mechanism
No remote download/extract install spec. This is an instruction/code bundle using standard npm dependencies (@modelcontextprotocol/sdk and dotenv). There are no URLs to arbitrary servers or obfuscated installers in the repo. Building and running is via tsc/npm which is normal.
Credentials
The skill requires tenant-level Graph application credentials (client id/secret/tenant) and SKILL.md asks for admin consent to Application permissions including Mail.ReadWrite, Files.ReadWrite.All, Chat.ReadWrite.All, User.Read.All, etc. These permissions permit read/write access across the entire tenant (emails, files, Teams chats, send-as capabilities). The number and scope of secrets is appropriate for the implemented functionality, but the privileges requested are broad and powerful — greater than a per-user least-privilege integration. Additionally, the package registry metadata did not declare these env vars/credentials, reducing transparency.
Persistence & Privilege
`always` is false (good), and `disable-model-invocation` is false (default). However because the skill operates with tenant-level credentials (admin-consented application permissions), allowing the agent to invoke this skill autonomously increases the blast radius — the agent could perform organization-wide actions (read mail/files, send mail, access chats) without further user interaction. This combination (autonomous invocation + tenant-wide creds) is high risk even though autonomy by itself is normal.
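How to use
  1. Make sure OpenClaw is installed (locally or via Docker)
  2. Enter the install command in the chat box: /install mcp-microsoft365
  3. Once installation completes, invoke the Skill by name or trigger it with /mcp-microsoft365
  4. Provide the required inputs according to the Skill's parameter documentation to get structured output
Version history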
v1.0.0
Initial release - 19 tools for Microsoft 365:
- Outlook (mail)
- Calendar
- OneDrive
- Tasks (To-Do)
- Teams
- Users
Metadata
Slug: mcp-microsoft365
Version: 1.0.0
License:
Cumulative installs: 14
Current installs: 12
Historical versions: 1
FAQ

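What is Microsoft 365 MCP Server?

Integrate Microsoft 365 to manage Outlook email, calendar events, OneDrive files, Tasks, Teams chats, and user profiles via Microsoft Graph and MCP protocol. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 3011 total downloads to date.

How do I install Microsoft 365 MCP Server?

Run the command "/install mcp-microsoft365" in the OpenClaw or Claude Code chat box for a one-click install; no additional configuration is needed.

Is Microsoft 365 MCP Server free?

Yes, Microsoft 365 MCP Server is completely free (free and open source) and can be freely downloaded, installed, and used.

Which platforms does Microsoft 365 MCP Server support?

Microsoft 365 MCP Server runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Microsoft 365 MCP Server?

It is developed and maintained by makhatib (@makhatib); the current version is v1.0.0.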
