OpenCloutlook

Read and manage Microsoft Outlook email (inbox, folders, move messages) and Outlook calendar (list events, create events) via Microsoft Graph API. Use when t...

What to check before installing/using this skill: 1) Protect tokens: The skill stores access and refresh tokens at ~/.openclaw/msgraph-tokens.json. Treat that file as sensitive (chmod 600 is used by the scripts). Do not run auth.py token in environments where console output or logs are shared, because it prints the raw access token. 2) Docs vs code mismatch: The README/SETUP.md sometimes reference CLIENT_ID uppercase while auth.py reads 'client_id' (lowercase). Ensure your config.ini uses the key names the script expects (check config.example.ini) or fix the mismatch before authenticating. 3) Agent safety: auth.py calls sys.exit() on auth errors (and can raise KeyError at import if config keys are missing). If you plan to call these scripts from a long‑running agent process, be aware an auth error could terminate the process. Consider running these scripts as subprocesses or modifying the code to raise exceptions instead of exiting. 4) Sensitive data in LLM prompts: Example code shows building prompts containing email subjects, senders, and (in other helpers) stripped bodies to send to third‑party LLMs. Be cautious — sending inbox content to external LLM providers may leak private data. Review and sanitize any content before forwarding it. 5) Verify redirect URI/port: Setup docs have inconsistent redirect URI examples (a small mismatch between pages and the default port 8765). Make sure Azure app redirect URIs match the REDIRECT_PORT in your config.ini. 6) Audit before use: The code uses only Microsoft endpoints and local HTTP redirects for PKCE, and there are no suspicious external endpoints, but review the scripts (auth.py, graph_api.py, mail.py, cal.py) in your environment before granting access to avoid accidental leaks. If you need higher assurance, run the included tests locally and consider changing sys.exit() behavior to exceptions.

Type: OpenClaw Skill Name: openclaw-msgraph Version: 1.0.0 The skill is classified as suspicious due to a vulnerability in how it constructs API request URLs. The `graph_api.py` module directly concatenates user-controlled identifiers (like `message_id`, `event_id`, `folder_id`, `calendar_id`) from `mail.py` and `cal.py` into the URL path without explicit sanitization or validation. While these IDs are typically opaque strings from the Microsoft Graph API, a lack of input validation could allow an attacker to inject path traversal sequences (e.g., `../`) or other malicious strings if they can manipulate the agent's input, potentially leading to unintended API calls or API path traversal on the Microsoft Graph endpoint. There is no evidence of intentional malicious behavior, data exfiltration to unauthorized endpoints, or prompt injection attempts within the `SKILL.md` itself.