← 返回 Skills 市场
Outlook for Work/School 365
作者
Blake Lucas
· GitHub ↗
· v1.0.0
404
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install outlook-365
功能描述
Read, search, and manage Outlook emails and calendar via Microsoft Graph API. Use when the user asks about emails, inbox, Outlook, Microsoft mail, calendar e...
安全使用建议
This skill appears to do what it says, but be aware of these practical security points before installing: 1) The automated setup will create an Azure App Registration and a client secret in the authenticated Azure account/tenant — that requires appropriate privileges and may require admin consent for some tenants. 2) The client_secret and OAuth tokens are stored on disk at ~/.outlook-mcp/config.json and credentials.json; anyone with access to those files could use them to access your mailbox until you revoke them. 3) If you prefer tighter control, perform the manual setup (references/setup.md) and create the app yourself in the Azure Portal, then paste only the minimal config into ~/.outlook-mcp. 4) After use, revoke the app secret or delete the App Registration and remove ~/.outlook-mcp to invalidate access. 5) Inspect the included scripts (they are plain shell) before running and ensure az, jq, and curl are trusted on your system.
功能分析
Type: OpenClaw Skill
Name: outlook-365
Version: 1.0.0
The skill bundle contains critical shell injection vulnerabilities in 'outlook-mail.sh' and 'outlook-calendar.sh' because unsanitized variables (such as $SUBJECT, $BODY, and $QUERY) are used within double-quoted strings in curl commands, which allows for Remote Code Execution (RCE) if the agent processes untrusted input. Additionally, the 'download' command in 'outlook-mail.sh' is vulnerable to path traversal through the attachment name. While the scripts are functionally aligned with their stated purpose of managing Microsoft Outlook data, these significant security flaws and the broad API permissions required (Mail.ReadWrite, Calendars.ReadWrite) present a high risk to the host environment.
能力评估
Purpose & Capability
Name/description match the code: scripts call Microsoft Graph, perform calendar and mail operations, and the setup creates an Azure app registration and requests Mail.ReadWrite, Mail.Send, Calendars.ReadWrite and offline_access scopes — all expected for full mailbox/calendar management.
Instruction Scope
Runtime instructions direct the user to run an automated setup that logs into Azure, creates an app registration, creates a client secret, guides user authorization, and saves tokens and credentials under ~/.outlook-mcp. This is consistent with the skill's purpose but does store sensitive credentials and tokens on disk; the scripts do not appear to read unrelated files or exfiltrate data to third-party endpoints.
Install Mechanism
No external install/download is performed by the skill bundle; it is instruction+script based and relies on local tools (az, jq, curl). There are no obscure or remote installers, and no extracted archives or external binaries fetched by the skill.
Credentials
The skill requests no platform env vars but creates and stores a client_id/client_secret/tenant and access/refresh tokens in ~/.outlook-mcp — this is necessary for a confidential OAuth client but is sensitive. The OAuth scopes requested are appropriate for the stated mail/calendar functionality.
Persistence & Privilege
always:false and the skill does not auto-enable itself. It will create an Azure App Registration and a client secret in the user's tenant (if the authenticated account has permissions) and write config/tokens to the user's home directory — side effects that affect the user's Azure tenant and local filesystem but are expected for this functionality.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install outlook-365 - 安装完成后,直接呼叫该 Skill 的名称或使用
/outlook-365触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Outlook 365 Skill v1.3.0
- Added full calendar support: view, create, update, and delete events; list calendars; check availability.
- New scripts for calendar management (`outlook-calendar.sh`).
- Expanded email features: advanced searching, focused inbox, categories, bulk operations, folder management, and stats.
- Improved setup automation via `outlook-setup.sh`; simplified credential handling.
- Enhanced troubleshooting and detailed usage examples in documentation.
元数据
常见问题
Outlook for Work/School 365 是什么?
Read, search, and manage Outlook emails and calendar via Microsoft Graph API. Use when the user asks about emails, inbox, Outlook, Microsoft mail, calendar e... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 404 次。
如何安装 Outlook for Work/School 365?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install outlook-365」即可一键安装,无需额外配置。
Outlook for Work/School 365 是免费的吗?
是的,Outlook for Work/School 365 完全免费(开源免费),可自由下载、安装和使用。
Outlook for Work/School 365 支持哪些平台?
Outlook for Work/School 365 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Outlook for Work/School 365?
由 Blake Lucas(@mts-blake-lucas)开发并维护,当前版本 v1.0.0。
推荐 Skills