← 返回 Skills 市场
Outlook Plus
作者
Cristian Dan
· GitHub ↗
· v1.9.0
923
总下载
0
收藏
1
当前安装
6
版本数
在 OpenClaw 中安装
/install outlook-plus
功能描述
Read, search, and manage Outlook emails and calendar via Microsoft Graph API. Use when the user asks about emails, inbox, Outlook, Microsoft mail, calendar e...
安全使用建议
This skill appears to do what it says, but before installing or running it you should: 1) Review the scripts yourself (they will create an Azure App Registration and client secret in your Azure account). 2) Understand the requested scopes (Mail.ReadWrite, Mail.Send, Calendars.ReadWrite, offline_access) grant full read/write/send access to your mail and calendars — only proceed if you trust the author. 3) Be aware credentials and tokens are stored at ~/.outlook-mcp (files are chmod 600 in the scripts); do not share those files. 4) The token manager can print access tokens with outlook-token.sh get --confirm — avoid running that in insecure contexts. 5) Use a personal account or get admin approval if using a work account (organization consent may be required). 6) If you have concerns, run the setup steps manually following references/setup.md instead of automated script to retain full control.
功能分析
Type: OpenClaw Skill
Name: outlook-plus
Version: 1.9.0
The skill is classified as suspicious due to its inherently high-risk capabilities, including the automatic creation of an Azure AD application with broad permissions (Mail.ReadWrite, Mail.Send, Calendars.ReadWrite) as detailed in `SKILL.md` and implemented in `scripts/outlook-setup.sh`. It also stores sensitive OAuth tokens and client secrets locally in `~/.outlook-mcp/` and provides commands to download email attachments to the local filesystem via `scripts/outlook-mail.sh`. While the scripts demonstrate robust input sanitization (e.g., using `jq --arg` for JSON payloads, URL encoding, and filename sanitization in `scripts/outlook-mail.sh`) and transparency regarding permissions, the extensive access and control over a user's email and calendar, coupled with the ability to create Azure resources, represent significant potential for misuse if the agent were compromised or given malicious instructions.
能力评估
Purpose & Capability
Name/description match the actual behavior: scripts call Microsoft Graph and the setup uses the Azure CLI to create an App Registration and obtain delegated OAuth tokens. Required binaries (az, jq) are necessary and used by the scripts.
Instruction Scope
Runtime instructions and scripts operate only against Microsoft endpoints (login.microsoftonline.com, graph.microsoft.com). They read/write config and tokens under ~/.outlook-mcp and optionally read system timezone files (/etc/timezone, /etc/localtime). Scripts accept OUTLOOK_ACCOUNT and OUTLOOK_TZ environment variables (used but not declared in requires.env). The token manager can print access tokens when run with explicit confirmation; this is flagged in the docs and scripts.
Install Mechanism
No install spec or external downloads — the package is instruction + shell scripts. No remote, arbitrary code download or extraction is performed by the skill itself.
Credentials
The skill requests OAuth permissions (Mail.ReadWrite, Mail.Send, Calendars.ReadWrite, offline_access) which are appropriate for full mail/calendar management. It requires Azure CLI login so it will create resources in the user's Azure account (App Registration and client secret) and stores client_id/client_secret and tokens in ~/.outlook-mcp. These sensitive artifacts are expected but merit careful handling by the user. The scripts also use optional env vars (OUTLOOK_ACCOUNT, OUTLOOK_TZ) that are not declared in the metadata.
Persistence & Privilege
always:false and user-invocable:true (normal). The skill writes credentials and tokens only under the invoking user's home (~/.outlook-mcp) and does not modify other skills or system-wide agent settings. It does create an App Registration in the user's Azure tenant during setup, which is expected for OAuth but is an action with side effects in the user's cloud account.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install outlook-plus - 安装完成后,直接呼叫该 Skill 的名称或使用
/outlook-plus触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.9.0
Fixed --from filter to use $search. Removed changelog from SKILL.md.
v1.8.0
New query command with advanced filtering: date ranges (--after/--before), folder, sender, unread, attachments filters.
v1.7.0
Security: Fixed jq filter injection with --arg. Token get requires --confirm flag. URL-encode queries. Safe ID lookup helpers.
v1.6.0
Security: Fixed JSON injection - all user inputs now escaped via jq. Added warning to token get command.
v1.5.0
Added required binaries (az, jq) to metadata. Added credentials notice. Added Security Considerations section. Added homepage.
v1.4.0
Outlook Plus v1.4.0
- Added multi-account support: connect and manage multiple Outlook accounts (personal, work, etc.).
- New --account flag and OUTLOOK_ACCOUNT environment variable to select accounts for all commands.
- Added command to list configured accounts: outlook-token.sh list.
- Existing single-account setups are automatically migrated to the 'default' account name.
- Documentation significantly expanded with detailed usage, examples, and troubleshooting.
- No breaking changes for current users.
元数据
常见问题
Outlook Plus 是什么?
Read, search, and manage Outlook emails and calendar via Microsoft Graph API. Use when the user asks about emails, inbox, Outlook, Microsoft mail, calendar e... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 923 次。
如何安装 Outlook Plus?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install outlook-plus」即可一键安装,无需额外配置。
Outlook Plus 是免费的吗?
是的,Outlook Plus 完全免费(开源免费),可自由下载、安装和使用。
Outlook Plus 支持哪些平台?
Outlook Plus 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Outlook Plus?
由 Cristian Dan(@cristiandan)开发并维护,当前版本 v1.9.0。
推荐 Skills