← 返回 Skills 市场
10967
总下载
20
收藏
99
当前安装
1
版本数
在 OpenClaw 中安装
/install outlook
功能描述
Read, search, and manage Outlook emails and calendar via Microsoft Graph API. Use when the user asks about emails, inbox, Outlook, Microsoft mail, calendar events, or scheduling.
安全使用建议
Install only if you are comfortable letting the agent read and modify Outlook mail, send messages as you, and change calendar events. Treat ~/.outlook-mcp as sensitive credential storage, avoid using the token-printing command unless necessary, review every send/delete/bulk/calendar-change action, and do not download attachments with suspicious names or to sensitive directories until the download path handling is fixed.
功能分析
Type: OpenClaw Skill
Name: outlook
Version: 1.3.0
The skill is classified as suspicious due to a path traversal vulnerability in the `scripts/outlook-mail.sh` file, specifically within the `download` command. This vulnerability allows an attacker to write email attachment content to arbitrary file paths on the agent's filesystem by crafting a malicious attachment name (e.g., `../../.bashrc`). While not clear evidence of intentional malicious behavior by the skill developer, this flaw provides a powerful primitive for a malicious prompt to exploit, potentially leading to persistence or arbitrary code execution. Additionally, the skill requests broad permissions (Mail.ReadWrite, Mail.Send, Calendars.ReadWrite) which, while aligned with its stated purpose, represent high-risk capabilities.
能力评估
Purpose & Capability
Reading, searching, sending, moving, deleting, and scheduling through Microsoft Graph matches the stated Outlook-management purpose, but these are high-impact account capabilities.
Instruction Scope
The documented commands include sending/replying/forwarding email, deleting or moving mail, bulk delete, folder deletion, and calendar create/update/delete with no built-in confirmation or dry-run guard.
Install Mechanism
Setup is disclosed in the skill documentation and uses Azure CLI plus jq to create an Azure app registration, add Microsoft Graph permissions, and save local configuration.
Credentials
Microsoft Graph access is expected, but the attachment download command writes decoded attachment content to a caller-supplied path using the remote attachment name without path normalization, allowing path traversal or unintended overwrite under the user's filesystem permissions.
Persistence & Privilege
The skill stores a client secret, access token, and refresh token in ~/.outlook-mcp with chmod 600 and exposes a command that prints the raw access token; this is disclosed but sensitive given Mail.ReadWrite, Mail.Send, Calendars.ReadWrite, and offline_access.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install outlook - 安装完成后,直接呼叫该 Skill 的名称或使用
/outlook触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.3.0
Added calendar support (view/create/update/delete events, check availability)
元数据
常见问题
Outlook 是什么?
Read, search, and manage Outlook emails and calendar via Microsoft Graph API. Use when the user asks about emails, inbox, Outlook, Microsoft mail, calendar events, or scheduling. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 10967 次。
如何安装 Outlook?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install outlook」即可一键安装,无需额外配置。
Outlook 是免费的吗?
是的,Outlook 完全免费(开源免费),可自由下载、安装和使用。
Outlook 支持哪些平台?
Outlook 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Outlook?
由 jotamed(@jotamed)开发并维护,当前版本 v1.3.0。
推荐 Skills