← 返回 Skills 市场
bshio
作者
dongrebeccahhh-boop
· GitHub ↗
· v1.0.0
· MIT-0
108
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install outlook-email-skill-fixed
功能描述
Microsoft Outlook/Live.com email and calendar client via Microsoft Graph API. List, search, read, send emails. View and create calendar events. Supports devi...
安全使用建议
This skill's purpose (an Outlook CLI) is plausible, but there are important red flags you should resolve before installing or running anything:
- The bundle contains only documentation (README and SKILL.md) and no executable or Python script named 'outlook'. Ask the author where the CLI binary or source code is and why it's not packaged. Do not rely on running commands like 'outlook auth' until you have the actual program.
- Authentication guidance is inconsistent: SKILL.md advertises device-code flow (which typically does not require a client secret) but the README instructs creating and entering a client secret. Confirm which auth flow the tool uses. Avoid entering or storing client secrets unless you have audited the code and understand why they are needed.
- The skill will store OAuth tokens at ~/.config/outlook-cli/token.json. That is expected, but ensure the file permissions are set (chmod 600) and never share or commit the file. Prefer device-code / public client flows if you want to avoid storing client secrets.
- Because this is instruction-only (no install), there is low install-time risk — but you must obtain the actual CLI implementation from a trustworthy source (official repo or release). If the implementation is delivered from an unknown URL later, treat that as higher risk.
Recommended next steps before use: obtain and inspect the actual 'outlook' program source (or official release), verify the auth flow and minimal Graph API permissions, and confirm there are no hidden network endpoints or telemetry beyond Microsoft Graph. If the author cannot provide the code or an official release, avoid installing or entering sensitive credentials.
功能分析
Type: OpenClaw Skill
Name: outlook-email-skill-fixed
Version: 1.0.0
The skill bundle provides documentation and metadata for a Microsoft Outlook CLI tool utilizing the Microsoft Graph API. The SKILL.md and README.md files contain detailed, professional instructions, including proactive security advice such as setting restrictive file permissions (chmod 600) for OAuth tokens and using official Azure portals for app registration. While the main execution script ('outlook') is not included in the provided files, the instructions and metadata show no signs of malicious intent, prompt injection, or unauthorized data exfiltration, and the requested permissions (Network, Python, Bash) are consistent with the tool's stated purpose.
能力评估
Purpose & Capability
The skill's name and description (Outlook/Microsoft Graph client) align with the instructions (list/read/send emails, calendar). However the metadata/execution block says the runtime is a Python script with main './outlook' and requires the 'outlook' CLI, yet no executable or Python code is included in the package manifest — only README and SKILL.md files. That mismatch (declaring a runnable CLI but shipping no code) is incoherent.
Instruction Scope
The SKILL.md instructs the agent/user to run commands like 'outlook configure' and 'outlook auth' and to read/write token files (~/.config/outlook-cli/token.json). Those actions are appropriate for an email client, but the instructions assume a local 'outlook' program exists. The README also instructs creating a client secret, while other parts promote device-code auth for headless environments — these authentication instructions conflict and broaden scope without justification.
Install Mechanism
This is an instruction-only skill with no install specification and no downloaded code. That lowers install-time risk. The metadata suggests Python and the 'requests' package are required, which is reasonable for a Graph API client.
Credentials
No environment variables or unrelated credentials are requested (good). The skill requires storing OAuth tokens at ~/.config/outlook-cli/token.json which is expected for an OAuth client. However, the README's guidance to create and input a client secret conflicts with the stated support for device-code (public client) flows — requiring a client secret may be unnecessary and increases risk if users are encouraged to store it locally.
Persistence & Privilege
The skill is not marked 'always:true' and uses normal model invocation. It stores tokens in its own config path (~/.config/outlook-cli) which is reasonable for this functionality and does not request system-wide privileges.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install outlook-email-skill-fixed - 安装完成后,直接呼叫该 Skill 的名称或使用
/outlook-email-skill-fixed触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial public release of Outlook email and calendar CLI skill.
- Manage Microsoft Outlook/Live.com email: list, search, read, send, reply
- Access and create Outlook calendar events
- Supports device code authentication for servers and headless environments
- OAuth tokens securely stored locally; auto token refresh enabled
- Requires Python 3 and `requests` library; compatible with OpenClaw and CLI platforms
元数据
常见问题
bshio 是什么?
Microsoft Outlook/Live.com email and calendar client via Microsoft Graph API. List, search, read, send emails. View and create calendar events. Supports devi... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 108 次。
如何安装 bshio?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install outlook-email-skill-fixed」即可一键安装,无需额外配置。
bshio 是免费的吗?
是的,bshio 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
bshio 支持哪些平台?
bshio 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 bshio?
由 dongrebeccahhh-boop(@dongrebeccahhh-boop)开发并维护,当前版本 v1.0.0。
推荐 Skills