← 返回 Skills 市场
draeden79

Microsoft 365 Graph Openclaw

作者 draeden79 · GitHub ↗ · v0.2.2 · MIT-0
linuxdarwinwin32 ⚠ suspicious
497
总下载
1
收藏
4
当前安装
5
版本数
在 OpenClaw 中安装
/install microsoft-365-graph-openclaw
功能描述
Microsoft 365 Graph for OpenClaw with webhook-based wake signals. Reduce recurring LLM cost from inbox polling while managing Outlook mail, calendar, OneDriv...
安全使用建议
This repo appears to implement the described push-mode Graph integration, but you should not run the provided privileged setup scripts without review. Before installing: - Audit the setup scripts (run_mail_webhook_e2e_setup.sh, setup_mail_webhook_ec2.sh, run_mail_webhook_smoke_tests.sh, diagnose scripts) to see exactly what they install and what files they write under /etc and systemd. Use --dry-run where provided. - Do not rely on the default public client_id (Alitar) for production — register your own Entra app and use its client_id so tokens are under your control. - Expect to provide and securely store OPENCLAW_HOOK_TOKEN, OPENCLAW_HOOK_URL, and GRAPH_WEBHOOK_CLIENT_STATE; the registry metadata currently does not declare these env vars (metadata/documentation mismatch). Ensure these values are managed by a secrets manager and rotated if exposed. - Inspect state/graph_auth.json handling: it contains access/refresh tokens. Ensure the state directory permissions are locked down and is gitignored (the docs state it is ignored, but verify before committing). - If you will allow the scripts to patch OpenClaw config, back up ~/.openclaw/openclaw.json first and review any automated changes; prefer manual edits in sensitive/production environments. - If you cannot audit scripts or do not want services installed on the host, consider running the adapter/worker in a contained environment (container or separate VM) and avoid running the setup scripts with sudo. Given the privileged persistence and the metadata mismatch around required secrets, treat this skill as suspicious until you've completed the checks above and replaced the test client_id with one you control.
功能分析
Type: OpenClaw Skill Name: microsoft-365-graph-openclaw Version: 0.2.2 The skill provides a complex Microsoft Graph integration with a push-based webhook architecture. It includes several high-risk shell scripts (scripts/setup_mail_webhook_ec2.sh and scripts/run_mail_webhook_e2e_setup.sh) that require root privileges to install systemd services, modify Caddy configurations, and programmatically patch the main OpenClaw configuration file (openclaw.json). While these actions are documented and aligned with the stated goal of automating a production-grade deployment, the broad system-level modifications and the use of a hardcoded third-party Client ID (952d1b34-682e-48ce-9c54-bac5a96cbd42) by default represent a significant security risk and attack surface.
能力评估
Purpose & Capability
The repository contains a webhook adapter, subscription lifecycle tooling, a worker, and CLI helpers for mail/calendar/drive/contacts — which matches the skill description. Required binaries (python3, bash, curl) make sense. However, the SKILL.md and scripts expect several runtime secrets and service-level env values (OPENCLAW_HOOK_URL, OPENCLAW_HOOK_TOKEN, GRAPH_WEBHOOK_CLIENT_STATE, optional OPENCLAW_SESSION_KEY) that are not declared in the registry metadata's requires.env/primaryEnv. That metadata omission is an inconsistency you should be aware of.
Instruction Scope
Runtime instructions and scripts are focused on Graph OAuth, subscription management, enqueue/dedupe, and POSTing wake signals to OpenClaw — all within stated purpose. They reference and persist tokens in state/graph_auth.json and load runtime values from /etc/default/graph-mail-webhook; they also include an advanced mode to post richer payloads to /hooks/agent. Nothing in SKILL.md instructs reading unrelated host data, but the worker/adapter will call local OpenClaw endpoints and external Microsoft Graph APIs and will persist token-bearing files locally.
Install Mechanism
The registry shows no formal install spec (instruction-only), but the repo includes privileged setup scripts (run_mail_webhook_e2e_setup.sh, setup_mail_webhook_ec2.sh, diagnose and smoke-test scripts) that install Caddy, create systemd units, write /etc/default/graph-mail-webhook, and can patch OpenClaw config. The install is script-driven (sudo) — there is no packaged installer or verified release host in the metadata, so you should review the scripts before running them with root privileges.
Credentials
The skill operates with/needs sensitive secrets: OAuth tokens (state/graph_auth.json), OPENCLAW_HOOK_TOKEN, GRAPH_WEBHOOK_CLIENT_STATE, and an OpenClaw hook URL. These are justified by the task, but the registry metadata failing to declare required env vars / primary credential is a mismatch. Additionally, the project ships with a default public client_id (Alitar app) for quick testing — using that defaults to a third‑party app issuance of tokens unless you register your own App Registration, which has privacy/security implications in production.
Persistence & Privilege
The skill does not set always:true (good), but its setup scripts intentionally create persistent system services and write to system locations (/etc, systemd units) and may patch OpenClaw config and restart the service. That is high privilege and modifies runtime/system configuration; verify the scripts and prefer --dry-run or manual inspection before allowing automated changes. The ability to auto-configure OpenClaw (other component) increases blast radius if misused.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install microsoft-365-graph-openclaw
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /microsoft-365-graph-openclaw 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.2.2
Version 0.2.2 - Updated documentation to clarify required and optional environment variables for push-mode setup. - Service-level runtime configuration now emphasizes systemd integration using `/etc/default/graph-mail-webhook`. - README, SKILL.md, and troubleshooting docs improved for minimal-input and e2e setup workflows. - Guidance for handling missing or auto-generated `GRAPH_WEBHOOK_CLIENT_STATE` variables in automation scripts. - No user-facing code changes; this release is documentation-focused.
v0.2.1
- Updated to version 0.2.1. - Removed the `primaryEnv` and `requires.env` fields from skill metadata for simpler environment variable handling. - No code changes; documentation and metadata only.
v0.2.0
- Added sudo requirement to the mail webhook smoke test command for consistent permissions in automated scenarios. - Updated documentation to clarify and unify setup instructions for automated EC2 bootstrap and end-to-end webhook setup. - Improved troubleshooting and minimal setup docs with clearer step-by-step instructions and readiness signal outputs. - Enhanced mail webhook smoke tests for robustness and validation feedback during push setup. - Documentation and usage examples refreshed in references and scripts for ease of onboarding and maintenance.
v0.1.6
Major 0.2.0 release with documentation restructure and file layout cleanup. - Moved scripts from `graph-office-suite/scripts/` to top-level `scripts/` - Permission profiles and all documentation now under `docs/` (added multiple new docs: setup, troubleshooting, minimal setup) - Updated all references in code and markdown to new file locations - Added essential project files: README.md, CONTRIBUTING.md, SECURITY.md, MAINTAINER-PUBLISHING.md, and CHANGELOG.md - Improved clarity, automation, and onboarding process in documentation and examples
v0.1.5
- Adds detailed usage and setup instructions for Microsoft 365 Graph integration with OpenClaw, including mail, calendar, OneDrive, and contacts operations. - Introduces webhook-based wake signals to reduce recurring LLM costs from inbox polling. - Documents push-first security model: explicit hook token authentication and clientState validation. - Provides example commands and scripts for OAuth device login, mailbox operations, file uploads, calendar events, contacts, and webhook server/worker setup. - Covers automated deployment steps and recommended security practices for tokens and configuration files.
元数据
Slug microsoft-365-graph-openclaw
版本 0.2.2
许可证 MIT-0
累计安装 4
当前安装数 4
历史版本数 5
常见问题

Microsoft 365 Graph Openclaw 是什么?

Microsoft 365 Graph for OpenClaw with webhook-based wake signals. Reduce recurring LLM cost from inbox polling while managing Outlook mail, calendar, OneDriv... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 497 次。

如何安装 Microsoft 365 Graph Openclaw?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install microsoft-365-graph-openclaw」即可一键安装,无需额外配置。

Microsoft 365 Graph Openclaw 是免费的吗?

是的,Microsoft 365 Graph Openclaw 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Microsoft 365 Graph Openclaw 支持哪些平台?

Microsoft 365 Graph Openclaw 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(linux, darwin, win32)。

谁开发了 Microsoft 365 Graph Openclaw?

由 draeden79(@draeden79)开发并维护,当前版本 v0.2.2。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论