← 返回 Skills 市场

office secretary

Name: office secretary
Author: cenralsolution

作者 Cenralsolution · GitHub ↗ · v3.1.0

cross-platform ⚠ suspicious

1259

总下载

当前安装

版本数

在 OpenClaw 中安装

/install office-secretary

功能描述

A digital administrative assistant for Microsoft 365 (Outlook & OneDrive).

安全使用建议

What to consider before installing: - The skill appears to do what it says (read/triage mail, find calendar slots, list old OneDrive files, post to Teams) and the Python code calls only Microsoft Graph endpoints. - However the registry metadata does not declare the two required environment variables (SECRETARY_CLIENT_ID, SECRETARY_TENANT_ID) shown in SKILL.md and used by the code. This is likely an oversight but could cause the platform not to surface the credential requirements to you—treat it as suspicious until corrected. - The Azure app will need delegated permissions that allow reading/modifying email and files and sending Teams messages. These are powerful rights (Mail.ReadWrite and Files.ReadWrite can modify or delete content). Only grant them for an account/tenant you trust and consider using a dedicated service account with limited data access. - The tool uses interactive authentication and stores a local token_cache.bin. Ensure that file is stored securely (it is gitignored here) and that file-system permissions meet your policy. Review and rotate tokens if you later uninstall. - If you decide to run: inspect the code yourself, register the Azure app in a restricted test tenant, grant only the minimum scopes you accept, and run in an isolated or least-privilege account first. - Fixes that would increase trust: update the registry manifest to explicitly declare required env vars and a clear primary credential, and add NOTES in SKILL.md about token_cache location and exact consent prompts.

功能分析

Type: OpenClaw Skill Name: office-secretary Version: 3.1.0 The skill is classified as suspicious due to the combination of broad Microsoft Graph permissions (`Mail.ReadWrite`, `Calendars.ReadWrite`, `Files.ReadWrite`, `ChatMessage.Send`) and the direct use of command-line arguments (`sys.argv`) for parameters like `team_id`, `channel_id`, and `msg` in `secretary_engine.py` without explicit input validation or sanitization. While the code's intent appears benign and aligned with its stated purpose, these factors introduce potential vulnerabilities (e.g., path injection or malformed requests) if the OpenClaw agent or user provides untrusted input, elevating the risk profile beyond a truly benign skill.

能力评估

⚠ Purpose & Capability

The declared purpose (M365 mail, calendar, OneDrive, Teams) matches the code and requested Graph scopes (Mail.ReadWrite, Calendars.ReadWrite, Files.ReadWrite, ChatMessage.Send). However the registry metadata provided to the platform claims no required environment variables or primary credential, while both SKILL.md and the code require SECRETARY_CLIENT_ID and SECRETARY_TENANT_ID. That registry/metadata mismatch is an incoherence that could lead to missing platform prompts or mistaken trust.

✓ Instruction Scope

SKILL.md instructs creation of an Azure app and use of delegated permissions, and the runtime commands call only Microsoft Graph endpoints. The instructions do not request unrelated files or remote endpoints beyond graph.microsoft.com. The skill uses interactive authentication and stores tokens in a local token_cache.bin file.

✓ Install Mechanism

There is no external install or download spec—this is effectively an instruction + code bundle. Requirements.txt lists msal, requests, python-dotenv which are consistent with the code. No remote installers, URL downloads, or archives are used.

⚠ Credentials

The code and SKILL.md require two env vars (SECRETARY_CLIENT_ID and SECRETARY_TENANT_ID) and will create a local token_cache.bin; these are proportionate to the declared functionality. The problem is the registry metadata (the platform-level manifest) does not declare these required env vars or a primary credential, which is inconsistent and may cause confusion about what secrets are needed or what the platform will store/ask for.

✓ Persistence & Privilege

The skill is not marked always:true, does not modify other skills or global agent settings, and only writes a local token cache file (token_cache.bin) under its directory. It enforces file permissions on Unix-like systems. Autonomous invocation is enabled (platform default) but not combined with any other broad or unexpected privileges.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install office-secretary
安装完成后，直接呼叫该 Skill 的名称或使用 /office-secretary 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v3.1.0

- Added explicit declaration of required environment variables (SECRETARY_CLIENT_ID, SECRETARY_TENANT_ID) for registry compatibility. - Updated description to clarify the skill's main functions. - Minor wording improvements for clarity in governance and other sections.

v3.0.0

Version 1.1.1 - Refocused description and role to emphasize security-first, delegated permissions, and user data privacy. - Updated command interface: clarified parameters and simplified command options. - Added specific setup instructions for Azure Entra ID app registration, delegated permissions, and necessary environment variables. - Removed PDF export and Planner commands from documentation. - Modernized language for communication and executive support capabilities.

v1.1.0

- Added .gitignore and requirements.txt to project for improved environment and dependency management. - Updated skill description to highlight unified automation features for M365, including triage, calendar, governance, and PDF export. - Expanded command interface with new commands: smart calendar scheduling, Teams alerts, Planner integration, and drive cleanup. - Enhanced implementation details: clarified OAuth2 flow, token persistence, and high-performance API strategy.

v1.0.1

Version 1.0.1 introduces major enhancements and broadens functionality beyond core admin tasks. - Expanded role to serve as a unified executive secretary, handling both administrative and executive tasks. - Added Excel dashboards, advanced formula calculation, PDF report generation, and PowerPoint creation via Microsoft 365. - Introduced clear onboarding and troubleshooting logic for setup and authentication issues. - Updated interface with new commands for email rules, Planner, Excel analysis, PDF export, and PowerPoint generation. - Updated required dependencies to support Excel and PowerPoint features.

v1.0.0

Intial creation of the skill 13th February 2026

元数据

Slug office-secretary

版本 3.1.0

许可证 —

累计安装 3

当前安装数 3

历史版本数 5

常见问题

office secretary 是什么？

A digital administrative assistant for Microsoft 365 (Outlook & OneDrive). 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 1259 次。

如何安装 office secretary？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install office-secretary」即可一键安装，无需额外配置。

office secretary 是免费的吗？

是的，office secretary 完全免费（开源免费），可自由下载、安装和使用。

office secretary 支持哪些平台？

office secretary 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 office secretary？

由 Cenralsolution（@cenralsolution）开发并维护，当前版本 v3.1.0。