Low Risk — Risk Score 25/100
Last scan: 20 hr ago
officeclaw
Connect to personal Microsoft accounts via Microsoft Graph API to manage email, calendar events, and tasks
OfficeClaw is a legitimate Microsoft Graph API integration documented in SKILL.md with proper security controls (disabled-by-default writes, OAuth device flow, recipient allowlist). No malicious indicators in documentation; however, actual code resides in a PyPI package that cannot be audited from documentation alone.
Skill Name: officeclaw
Duration: 34.5s
Engine: pi
Safe to install
Install from PyPI as documented. Set OFFICECLAW_ALLOWED_RECIPIENTS before enabling sending. Prefer read-only scopes (Mail.Read, Calendars.Read) unless write access is needed.

Findings 2 items

Severity: Low
Finding: External PyPI package dependency not auditable (Supply Chain)
Location: SKILL.md:30
The skill's actual implementation resides in the 'officeclaw' package on PyPI (v1.0.4). Only SKILL.md documentation is present in this directory; no scripts or Python files are available for direct code review. The package cannot be fully vetted without downloading and inspecting the source.
Evidence: pip install officeclaw
→ Verify package integrity (hash, signature) before install. Pin to a specific version. Consider mirroring to an internal PyPI if security policy requires auditable dependencies.

Severity: Low
Finding: Pre-built Azure app registration referenced (Doc Mismatch)
Location: SKILL.md:38
SKILL.md mentions that a 'default app registration' ships with the tool for quick-start without Azure setup. This means the tool may be pre-configured with a shared, tool-provided OAuth client ID unless the user opts for their own Azure app registration.
Evidence: OfficeClaw ships with a default app registration — just run officeclaw auth login
→ Create your own Azure App Registration for full isolation. Using the default app shares OAuth infrastructure with other users of the tool.
Resource      Declared  Inferred  Status     Evidence
Shell         WRITE     WRITE     ✓ Aligned  SKILL.md - CLI commands (officeclaw mail send, calendar create, etc.)
Network       READ      READ      ✓ Aligned  SKILL.md - Microsoft Graph API access to graph.microsoft.com
Filesystem    READ      READ      ✓ Aligned  SKILL.md - Reads ~/.officeclaw/token_cache.json for auth tokens
Environment   READ      READ      ✓ Aligned  SKILL.md - Reads OFFICECLAW_CLIENT_ID, OFFICECLAW_ENABLE_SEND from .env
Skill Invoke  READ      READ      ✓ Aligned  SKILL.md - user-invocable skill with documented commands
External URLs: 4 findings

Severity  Finding       URL                                                                                   Location
Medium    External URL  https://learn.microsoft.com/en-us/entra/identity-platform/quickstart-register-app     SKILL.md:46
Medium    External URL  https://entra.microsoft.com                                                           SKILL.md:50
Medium    External URL  https://docs.microsoft.com/graph/                                                     SKILL.md:237
Medium    External URL  https://docs.openclaw.ai                                                              SKILL.md:238

File Tree

1 file · 9.5 KB · 238 lines
Markdown 1f · 238L
└─ 📝 SKILL.md Markdown 238L · 9.5 KB

Dependencies 2 items

Package              Version  Source   Known Vulns  Notes
officeclaw           1.0.4    pypi     No           PyPI package — actual code not present in skill directory for review
graph.microsoft.com  API      network  No           Official Microsoft Graph API endpoint — expected traffic

Security Positives

✓ Write operations (send, delete) are disabled by default — prevents accidental actions
✓ Recipient allowlist (OFFICECLAW_ALLOWED_RECIPIENTS) provides hard boundary against unauthorized email delivery
✓ Uses OAuth 2.0 device code flow — no client secrets stored, standard authentication
✓ Tokens stored with 600 file permissions in ~/.officeclaw/
✓ Least-privilege permissions model — read-only scopes are sufficient for most use cases
✓ No telemetry or data collection mentioned in documentation
✓ No hardcoded credentials or API keys in documentation
✓ Well-structured documentation with clear security guidance
✓ Blocks are logged to email-blocked.log for audit trail