← 返回 Skills 市场
Openclaw Intune Skill
作者
Mattia Cirillo
· GitHub ↗
· v1.0.1
587
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install openclaw-intune-skill
功能描述
A comprehensive skill enabling OpenClaw agents to fully manage Microsoft Intune via the Graph API. Covers devices, apps, policies, compliance, users, groups,...
安全使用建议
This skill appears to be what it claims — a full Intune Graph API instruction set — but the published metadata incorrectly omits the required Azure credentials. Before installing: (1) do not provide high-privilege client secrets into a skill without verifying provenance — confirm the author and repository (kaffeeundcode.com) and ideally review SKILL.md yourself; (2) prefer using an App Registration with least-privilege Graph application permissions and consider certificate-based auth or managed identity rather than a long-lived client secret; (3) test in a non-production tenant first (use a test tenant or sandbox); (4) verify that your OpenClaw deployment will prompt you for INTUNE_TENANT_ID/CLIENT_ID/CLIENT_SECRET rather than silently reading them from an unexpected place; (5) be aware the skill can perform destructive actions (wipe/retire/delete) — ensure confirmations are enforced and consider restricting the agent's ability to run destructive flows automatically. If you cannot confirm the metadata/credential mismatch or author identity, do not install in a production environment.
功能分析
Type: OpenClaw Skill
Name: openclaw-intune-skill
Version: 1.0.1
The skill provides extremely broad and powerful capabilities for 'complete management' of Microsoft Intune, requiring extensive Graph API permissions (e.g., `ReadWrite.All` for devices, apps, policies, groups). While the `SKILL.md` includes explicit and robust safety instructions for the AI agent, requiring confirmation for all modifying/destructive actions and double-confirmation for critical operations like 'Wipe Device', the nature of an AI agent executing markdown instructions means these safety rules could potentially be bypassed by a sophisticated prompt injection attack from an external user. This combination of high-privilege capabilities and the inherent vulnerability of prompt-following agents, despite the developer's intent for safety, classifies it as suspicious.
能力评估
Purpose & Capability
The skill claims full Microsoft Intune management and its SKILL.md requires an Azure AD app (tenant id, client id, client secret) and Graph application permissions that are appropriate for that purpose. However, the registry metadata lists no required environment variables or primary credential, which is inconsistent with the SKILL.md and may mislead installers.
Instruction Scope
The SKILL.md contains explicit API endpoints, OAuth token flow, and safety rules (double confirmation for wipes/retire/delete, formatting of output, error handling). It does not instruct the agent to read unrelated files, call unknown external endpoints, or exfiltrate data beyond Graph API calls. Destructive actions are allowed but require confirmations per the instructions.
Install Mechanism
This is an instruction-only skill with no install spec and no code to write to disk — low install risk. The README provides a simple copy-to-workspace installation step.
Credentials
The SKILL.md legitimately requires INTUNE_TENANT_ID, INTUNE_CLIENT_ID, and INTUNE_CLIENT_SECRET and lists broad Microsoft Graph application permissions (Directory.Read.All, Group.ReadWrite.All, DeviceManagement*.ReadWrite.All, etc.). Those are high-privilege secrets and permissions but are proportionate to full Intune management. The concern is the mismatch with the registry metadata (which lists no required env vars/primary credential), increasing the chance that the user or platform will not surface or secure these credentials correctly. Also consider requiring certificate-based credentials or managed identities instead of long-lived client secrets.
Persistence & Privilege
The skill does not request always:true, has no OS restrictions, and is user-invocable. It does not ask to modify other skills or system-wide settings. Autonomous invocation is allowed (platform default) but not excessive here.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install openclaw-intune-skill - 安装完成后,直接呼叫该 Skill 的名称或使用
/openclaw-intune-skill触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
Added required environment variable declarations (INTUNE_TENANT_ID, INTUNE_CLIENT_ID, INTUNE_CLIENT_SECRET) to fix security flag. Added homepage link.
v1.0.0
Initial release: Enables comprehensive Microsoft Intune management via Graph API.
- Complete coverage for device, app, policy, compliance, user, group, reporting, Autopilot, PowerShell script management, and all remote device actions.
- Detailed authentication requirements and guidance, including OAuth 2.0 flow and required permissions.
- Strict safety and confirmation protocols for sensitive actions (e.g., wipe, retire, delete, policy changes).
- Clear instructions for presenting data in readable formats with error-handling in simple German.
- Organized API endpoint references for all major Intune management scenarios.
元数据
常见问题
Openclaw Intune Skill 是什么?
A comprehensive skill enabling OpenClaw agents to fully manage Microsoft Intune via the Graph API. Covers devices, apps, policies, compliance, users, groups,... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 587 次。
如何安装 Openclaw Intune Skill?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install openclaw-intune-skill」即可一键安装,无需额外配置。
Openclaw Intune Skill 是免费的吗?
是的,Openclaw Intune Skill 完全免费(开源免费),可自由下载、安装和使用。
Openclaw Intune Skill 支持哪些平台?
Openclaw Intune Skill 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Openclaw Intune Skill?
由 Mattia Cirillo(@mattiacirillo)开发并维护,当前版本 v1.0.1。
推荐 Skills