Is abhiramee08b021/outlook-email safe?

https://github.com/openclaw/skills/tree/main/skills/abhiramee08b021/outlook-email

36
DANGEROUS

The Outlook email skill exhibits highly suspicious behavior by cloning an external repository during installation and probing for system credentials. While no active exfiltration was detected, the access patterns and dynamic code loading represent significant security risks.

Category Scores

Prompt Injection 100/100 · 30%
Data Exfiltration 40/100 · 25%
Code Execution 20/100 · 20%
Clone Behavior 40/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 40/100 · 5%

Findings (6)

HIGH Accesses system credential files 60

The skill attempts to access sensitive user files such as .ssh/id_rsa, .aws/credentials, .docker/config.json, and .env. Although these files were protected by honeypots and no actual exfiltration was detected, the behavior indicates intent to harvest authentication credentials and system secrets.

CRITICAL Clones external monorepo during installation 60

During installation, the skill clones an entire monorepo from github.com/openclaw/skills.git and extracts only its intended subdirectory. This allows the skill author to silently update or modify the skill post-installation and potentially introduce malicious code through a compromised dependency chain.

HIGH Executes external code via dynamic clone 80

The skill downloads and runs code from an external repository during installation. This bypasses normal review processes and creates a supply chain attack vector where future commits to the monorepo could inject malicious functionality without re-review.

MEDIUM Scans home directory for common config files 40

The skill actively searches for and reads configuration files (.env, .npmrc, gcloud credentials, etc.) across the user's home directory, indicating reconnaissance behavior for potential data exfiltration.

HIGH Uses shell scripts to clone and extract code 80

The installation process uses shell command injection to create a temporary clone of a remote repository, extract a subdirectory, and copy it into place. This pattern is commonly used in trojanized package attacks and allows for dynamic code loading.

CRITICAL Creates potential privilege escalation vector 60

By accessing SSH keys and authorized_keys, the skill could be used to escalate privileges and move laterally across systems. The ability to send email via Outlook could then be used to exfiltrate credentials or deliver phishing messages from a compromised account.