Security scan
OpenClaw
Suspicious
high confidence
Assessment and recommendations
Do not install or enable this skill until you verify the provider and credential requirements. Specific actions to take: 1) Confirm with the skill publisher where MATON_API_KEY should come from and why the registry metadata omits it; demand that the skill declare required env vars and the token's minimum OAuth scopes. 2) Validate Maton (maton.ai / ctrl.maton.ai / gateway.maton.ai) as a trusted third party before giving any token that can read/send mail. 3) Prefer using official Microsoft Graph i...
ℹ Purpose and capabilities
The SKILL.md and description align: it proxies Microsoft Graph (Outlook) via Maton Gateway (gateway.maton.ai / ctrl.maton.ai) and exposes mailbox, calendar, contacts, and connection management operations that match the stated purpose. However, the skill has unknown source/homepage metadata, which reduces trustworthiness of the provider.
⚠ Instruction scope
The runtime instructions contain numerous curl examples that rely on an environment variable MATON_API_KEY and call ctrl.maton.ai for connection management and gateway.maton.ai for API access. The instructions do not tell the agent to read unrelated local files, but they do instruct use of an undeclared secret (MATON_API_KEY) and to 'open the returned url in your browser' for OAuth flows. The agent will need that API key to act; the SKILL.md expects it but the skill metadata doesn't declare it.
✓ Install mechanism
No install spec and no code files — this is instruction-only, which minimizes attack surface from bundled binaries or downloads. However, instruction-only also means there is no code to audit beyond the prose, and network calls will go to Maton endpoints.
⚠ Credential requirements
The SKILL.md requires MATON_API_KEY (a bearer token) for Authorization and demonstrates operations that would grant full mailbox/calendar/contact access. But the registry metadata lists no required environment variables and no primary credential. The absence of a declared primary credential is an inconsistency. Requesting a single API key is proportionate for this functionality, but the key grants sensitive access and the skill should have declared it and documented required scopes and storage/rotation practices.
✓ Persistence and privileges
The skill is not always-enabled and does not request system-level persistence or modification of other skills' configs. Autonomous invocation is allowed (the platform default) but this combination with an undeclared sensitive credential increases the blast radius if the key is provided.
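Security is layered; review the code before running.
Runtime dependencies
No special dependencies
Version
latest v1.0.0 2026/4/5
● Benign
Install command
Official: npx clawhub@latest install outlook-matan
Mirror (accelerated): npx clawhub@latest install outlook-matan --registry https://cn.longxiaskill.com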