📦 Outlook Add-in — 邮件助手
v0.2.0在 Microsoft Outlook 侧边栏内嵌入 OpenClaw 智能体,随时针对任意邮件对话、调用工具并执行任务,让邮箱秒变 AI 工作站。
0· 66·0 当前·0 累计
by @nachtsheim下载技能包
最后更新
2026/3/27
安全扫描
OpenClaw
安全
medium confidenceThe skill's instructions and requirements are internally consistent with creating an Outlook sidebar that connects to a local OpenClaw Gateway, but it relies on running third‑party code and intentionally exposes your agent to Outlook — review the repository, manifest, and Gateway auth before installing.
评估建议
This skill is coherent for adding an Outlook sidebar that connects to your local OpenClaw Gateway, but it relies on running third‑party code and intentionally exposes your agent inside Outlook. Before proceeding: 1) Inspect the GitHub repository and manifest.xml — confirm the code is trustworthy, review requested Outlook permissions, and check recent commits/maintainer reputation. 2) Do not add https://localhost:3000 to Gateway allowed origins unless you trust the add-in; ensure your Gateway req...详细分析 ▾
✓ 用途与能力
The name/description (Outlook sidebar add-in exposing the agent) matches the runtime instructions: clone a GitHub repo, run the local dev server, sideload manifest, and add localhost as an allowed origin in the Gateway. Nothing requested in the SKILL.md appears unrelated to building an Outlook add-in.
ℹ 指令范围
Instructions are narrowly focused on building and sideloading a web add-in. However, the add-in design explicitly grants Outlook a connection to your full OpenClaw agent ("all tools, skills, and automations"), which is a broad capability and increases attack surface — the SKILL.md correctly instructs adding https://localhost:3000 to Gateway allowed origins, which is necessary but should be done only after ensuring proper Gateway authentication and trust in the add-in code.
ℹ 安装机制
This is instruction-only (no install spec in metadata), lowering direct platform risk. But the Quick Start tells the user to clone an external GitHub repo and run npm install and a local server — that pulls third-party code onto the machine. The repo is hosted on GitHub (a common release host), which is expected, but running unreviewed npm packages and starting a dev server is potentially risky and merits review.
ℹ 凭证需求
The skill declares no required environment variables or credentials, which aligns with the SKILL.md. Nonetheless, its purpose is to expose the full agent to Outlook; doing so effectively grants the add-in access to the agent's capabilities. Users must ensure the Gateway enforces authentication/authorization and CORS are configured appropriately — lack of explicit creds in the skill doesn't eliminate the privilege escalation risk at runtime.
✓ 持久化与权限
The skill does not request permanent inclusion (always:false), does not modify other skills or system-wide agent settings, and is user-invocable. Running as an Outlook sidebar is expected behavior and not inherently excessive.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv0.2.02026/3/27
- Introduces the OpenClaw Outlook add-in, enabling seamless integration of OpenClaw agent features directly within Microsoft Outlook. - Allows users to chat with their agent about any email, draft replies, and access all agent tools from the Outlook sidebar. - Supports both Outlook Desktop (Classic) and Outlook Web (OWA). - Simple setup process provided, with links to the repository and detailed documentation.
● 可疑
安装命令
点击复制官方npx clawhub@latest install outlook-addin
镜像加速npx clawhub@latest install outlook-addin --registry https://cn.longxiaskill.com