
User Provision

Author: eggyrooch-blip · GitHub · v0.5.0 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 81
Favorites: 0
Current installs: 0
Versions: 5
Install in OpenClaw:
/install user-provision
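Description
Create accounts in Office 365 operated by 21Vianet (世纪互联) and Adobe Creative Cloud, in bulk or for a single user: automatic license assignment, password reset, and notification email. The two sides are independent of each other; the user can choose one or both. USE WHEN 新增用户, 开户, 新员工开账号, 建账号, 批量开户, provision user, 加 office, 加 adobe, 给...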
Safe usage recommendations
This skill runs a third-party Python CLI (cloning https://github.com/eggyrooch-blip/office365-tools), installs packages, and requires many sensitive secrets (Entra/Adobe service creds and SMTP passwords). Before installing:
  1. Confirm that the registry metadata has been updated to list the required env vars and permissions; the current omission is a red flag.
  2. Review the GitHub repo source yourself (or have security review it) to ensure there is no unexpected behavior, hardcoded exfil endpoints, or privilege escalation.
  3. Use least-privilege credentials (service principals scoped only to the needed Graph API scopes) and consider short-lived or scoped secrets; do not reuse high-privilege admin secrets.
  4. Run first in an isolated/test tenant or sandbox.
  5. Prefer storing SMTP/secret values in a secrets manager rather than a plaintext .env if possible.
If you cannot review the repo or obtain corrected metadata, treat this skill as risky and avoid giving it production credentials or enabling unattended/autonomous invocation.
Functional analysis
Type: OpenClaw Skill
Name: user-provision
Version: 0.5.0
The skill facilitates user provisioning for Office 365 and Adobe CC but introduces significant supply chain risk by requiring the agent to clone and execute code from an external GitHub repository (eggyrooch-blip/office365-tools). It instructs the agent to store highly sensitive credentials, including Entra App secrets, Adobe API secrets, and SMTP passwords, in a local .env file within that cloned repository. While the instructions include some defensive guidelines (e.g., not logging passwords), the pattern of fetching external code to handle broad administrative permissions (User.ReadWrite.All) is a high-risk behavior that could lead to credential exfiltration or unauthorized execution if the remote repository is compromised or malicious.
Capability tags
requires-oauth-token, requires-sensitive-credentials
Capability assessment
Purpose & Capability
The described purpose (provisioning O365 operated by 21Vianet (世纪互联) and Adobe UMAPI users) matches the actions in SKILL.md (creating accounts, assigning licenses, sending notification email). However the registry metadata declared no required env vars or credentials while the SKILL.md explicitly requires many sensitive environment variables (Entra CLIENT_ID/CLIENT_SECRET, ADOBE_CLIENT_SECRET, SMTP_PASSWORD, etc.). That metadata/instruction mismatch is a significant incoherence.
Instruction Scope
SKILL.md instructs the agent to git clone a third‑party repo, create a .env with secrets, pip install requirements, and run python CLI commands that will call Microsoft/Adobe APIs and send SMTP emails. Those runtime steps are within the stated provisioning purpose, but they require executing external code and accessing many secrets and local paths (repo state files, working dir). The instructions also grant broad discretion to 'check the repo' for implementation details, which increases the agent's freedom to read/execute repository contents.
Install Mechanism
There is no formal install spec, but SKILL.md requires cloning and running a GitHub repository (https://github.com/eggyrooch-blip/office365-tools) and pip installing its requirements. Pulling and executing unreviewed code from a third‑party GitHub repo is higher risk than instruction-only behavior; while GitHub is a normal host, the repo is not a recognized official vendor and will write files to disk and install Python packages.
Credentials
The environment variables and secrets requested in SKILL.md are proportional to the task (service principals for Entra, Adobe credentials, SMTP creds). However the registry metadata claimed no required env/primary credential—this omission is inconsistent and reduces transparency. Requiring high‑privilege Graph API permissions (User.ReadWrite.All, LicenseAssignment.ReadWrite.All) is expected for provisioning but requires careful least‑privilege configuration and audit.
Persistence & Privilege
always:false and normal autonomous invocation settings are used (no forced always-on). The skill expects to clone a repo and create local state (.env, state/adobe_state.json), which is typical for a CLI-based workflow but means the agent will write persistent files. This is acceptable for the stated task but increases the surface if combined with the other concerns above.
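How to use
  1. Make sure OpenClaw is installed (locally or via a Docker deployment).
  2. Enter the install command in the chat box: /install user-provision
  3. Once installation completes, invoke the Skill by name or trigger it with /user-provision
  4. Provide the required inputs according to the Skill's parameter description to get structured output.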
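Version history
v0.5.0
Added a pointer to the GitHub repository: https://github.com/eggyrooch-blip/office365-tools
v0.4.0
Inlined the env template into skill.md (ClawHub only publishes skill.md)
v0.3.0
env.example shipped with the package (ClawHub filters dotfiles, so it was renamed without the leading dot)
v0.2.0
Frontmatter explicitly declares required_env / optional_env / requires; added a Prerequisites section; CLI adobe create defaults to adobeID (invitation mode)
v0.1.0
Initial release: new-employee account creation for Office 365 operated by 21Vianet (世纪互联) + Adobe CC, automatic license assignment (Adobe defaults to All Apps) + SMTP notification email
Metadata
Slug: user-provision
Version: 0.5.0
License: MIT-0
Total installs: 0
Current installs: 0
Version count: 5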
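FAQ

What is User Provision?

Create accounts in Office 365 operated by 21Vianet (世纪互联) and Adobe Creative Cloud, in bulk or for a single user: automatic license assignment, password reset, and notification email. The two sides are independent of each other; the user can choose one or both. USE WHEN 新增用户, 开户, 新员工开账号, 建账号, 批量开户, provision user, 加 office, 加 adobe, 给... It is an AI Agent Skill plugin for Claude Code / OpenClaw and has been downloaded 81 times in total so far.

How do I install User Provision?

Run the command "/install user-provision" in the OpenClaw or Claude Code chat box for one-click installation, with no extra configuration required.

Is User Provision free?

Yes, User Provision is completely free. It is released under the MIT-0 license and can be freely downloaded, installed, and used.

Which platforms does User Provision support?

User Provision runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed User Provision?

It is developed and maintained by eggyrooch-blip (@eggyrooch-blip); the current version is v0.5.0.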
