← 返回 Skills 市场
tirandagan

Office 365 Connector

作者 Tiran Dagan · GitHub ↗ · v2.0.0
cross-platform ⚠ suspicious
2410
总下载
3
收藏
10
当前安装
2
版本数
在 OpenClaw 中安装
/install office365-connector
功能描述
Office 365 / Outlook connector for email (read/send), calendar (read/write), and contacts (read/write) using resilient OAuth authentication. NOW WITH MULTI-ACCOUNT SUPPORT! Manage multiple Microsoft 365 identities from a single skill. Solves the difficulty connecting to Office 365 email, calendar, and contacts. Uses Microsoft Graph API with comprehensive Azure App Registration setup guide. Perfect for accessing your Microsoft 365/Outlook data from OpenClaw.
安全使用建议
What to consider before installing: - Source trust: The skill's source/homepage is unknown. The code and docs look consistent with an Office365 connector, but you should only install from authors you trust. Prefer official or well-known sources. - Metadata mismatches: The registry metadata does NOT declare required binaries or environment variables, yet the SKILL.md and scripts expect a Node runtime and may use AZURE_TENANT_ID / AZURE_CLIENT_ID / AZURE_CLIENT_SECRET as fallbacks. Treat those omissions as a packaging/quality issue and verify prerequisites before running. - Secrets handling: The skill stores client secrets and tokens in ~/.openclaw/auth/office365-accounts.json and per-account token files (mode 0600). Files are not encrypted. If you proceed, use a dedicated, minimal-privilege Azure App Registration, rotate secrets often, and avoid putting highly privileged tenant-wide credentials into this skill. - Least privilege: Only grant the Graph permissions you actually need. If you only need read-only, avoid enabling Mail.Send or ReadWrite scopes. Creating an app with the minimum delegated scopes reduces blast radius. - Review/scan the code: Because the source is unknown, inspect the JavaScript files (they're included) or have them audited. The network calls target Microsoft endpoints (login.microsoftonline.com and graph.microsoft.com), which is expected; nonetheless confirm there are no hidden remote endpoints or obfuscated code. - Run safely: Test in an isolated environment or throwaway account before connecting sensitive or corporate accounts. Consider creating a dedicated Azure AD app and test user with only the necessary permissions. If you can't verify the author or you are not comfortable with local secret storage, consider alternatives (official connectors, platform-provided integrations) or request a signed/reviewed release from a trusted maintainer.
功能分析
Type: OpenClaw Skill Name: office365-connector Version: 2.0.0 This skill is classified as suspicious due to its broad and high-risk delegated permissions, including `Mail.ReadWrite`, `Mail.Send`, `Calendars.ReadWrite`, and `Contacts.ReadWrite`. While these permissions are explicitly declared in `SKILL.md` and `references/permissions.md` and are necessary for the skill's stated purpose as a comprehensive Office 365 connector, they grant extensive control over a user's email, calendar, and contacts. The skill demonstrates good security practices by storing credentials and tokens with restricted file permissions (0600) in `~/.openclaw/auth/` and communicating only with legitimate Microsoft OAuth and Graph API endpoints. There is no evidence of intentional malicious behavior, data exfiltration to unauthorized endpoints, or prompt injection attempts against the AI agent in the documentation.
能力评估
Purpose & Capability
The code and SKILL.md implement an Office 365/Outlook connector (email/calendar/contacts) using Microsoft Graph and OAuth, which matches the declared purpose. However the registry metadata lists no required binaries or environment variables even though the runtime instructions and scripts explicitly require Node (node CLI) and often expect Azure credentials (tenant/client/secret). That metadata omission is inconsistent with the stated capability.
Instruction Scope
Runtime instructions and CLI scripts operate within expected boundaries (call microsoftonline and graph.microsoft.com, read/write account files under ~/.openclaw/auth). However the SKILL.md and code reference environment variable fallbacks (AZURE_TENANT_ID, AZURE_CLIENT_ID, AZURE_CLIENT_SECRET) and a legacy token path — these environment variables were not declared in the registry metadata. The commands also write client secrets and tokens to local files (~/.openclaw/auth/office365-accounts.json and per-account token files). The instructions do not ask for unrelated system data, but they do implicitly access environment variables that the metadata did not advertise.
Install Mechanism
The package contains runnable Node CLI scripts (shebangs and many .js files) and SKILL.md examples that use `node ...`, but the registry entry declares no required binaries and provides no install spec. At minimum the skill requires a Node runtime on PATH; the absence of that in metadata is an incoherence. No external downloads or installers are requested (which is good), but the packaging/metadata mismatch increases risk (user might run scripts without realizing Node is required).
Credentials
The skill legitimately needs Azure credentials (tenant ID, client ID, client secret) and requests delegated Graph scopes including Mail.Send and write scopes. That is proportional to the described features, but the registry metadata did not declare any required env vars or a primary credential. Sensitive secrets are stored in plaintext JSON files under the user's home directory with mode 0600 (per docs and code) — this is common but still high-sensitivity. The combination of undocumented env-var usage, storage of client secrets, and high-impact permissions (Mail.Send, Mail.ReadWrite, Calendars.ReadWrite, Contacts.ReadWrite) warrants caution.
Persistence & Privilege
The skill does not request permanent global inclusion (always: false) and does not attempt to modify other skills or system-wide settings. It writes only to its own config/token paths under ~/.openclaw and does not request elevated OS privileges. Autonomous model invocation is enabled (default), but that is the platform normal and not, by itself, a red flag here.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install office365-connector
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /office365-connector 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v2.0.0
v2.0.0: Multi-Account Enhancement by Matthew Gordon ([email protected]) MAJOR NEW FEATURES: • Multi-account support - Manage multiple Microsoft 365 identities (work, personal, consulting) • Per-account token isolation - Separate, secure token storage for each account • Account switching - Easy --account=name flag across all operations • Default account selection - Set preferred account for convenience • Account management CLI - Simple add/remove/list/default commands • Legacy import tool - Seamless migration from v1.0.0 single-account setups ENHANCEMENTS: • Enhanced auth.js with multi-account authentication support • Updated email.js, calendar.js, send-email.js, cancel-event.js for multi-account • New accounts.js CLI for account management • Comprehensive MULTI-ACCOUNT.md usage guide • CHANGELOG.md and CREDITS.md for full attribution BACKWARD COMPATIBILITY: • ✅ Full backward compatibility maintained • ✅ Environment variable fallback preserved • ✅ No breaking changes for existing single-account users • ✅ All original functionality intact SECURITY: • Per-account token files with mode 0600 • Account config stored with mode 0600 • Directory permissions set to 0700 CREDIT: Massive thank you to Matthew Gordon for this excellent contribution! This enhancement makes the skill significantly more useful for consultants, freelancers, and anyone managing multiple work identities. Original skill: office365-connector v1.0.0 Enhanced by: Matthew Gordon ([email protected])
v1.0.0
Initial release - Office 365/Outlook email, calendar, and contacts integration with OAuth authentication and comprehensive Azure App Registration setup guide
元数据
Slug office365-connector
版本 2.0.0
许可证
累计安装 10
当前安装数 10
历史版本数 2
常见问题

Office 365 Connector 是什么?

Office 365 / Outlook connector for email (read/send), calendar (read/write), and contacts (read/write) using resilient OAuth authentication. NOW WITH MULTI-ACCOUNT SUPPORT! Manage multiple Microsoft 365 identities from a single skill. Solves the difficulty connecting to Office 365 email, calendar, and contacts. Uses Microsoft Graph API with comprehensive Azure App Registration setup guide. Perfect for accessing your Microsoft 365/Outlook data from OpenClaw. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 2410 次。

如何安装 Office 365 Connector?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install office365-connector」即可一键安装,无需额外配置。

Office 365 Connector 是免费的吗?

是的,Office 365 Connector 完全免费(开源免费),可自由下载、安装和使用。

Office 365 Connector 支持哪些平台?

Office 365 Connector 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Office 365 Connector?

由 Tiran Dagan(@tirandagan)开发并维护,当前版本 v2.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463556 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259610 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200551 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191226 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190235 · by oswalpalash

💬 留言讨论