Security Audit

ms365-tenant-manager

github.com/openclaw/skills

AI SkillCommit 13146e6a3d46

CRITICAL

Scanned about 2 months ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

ms365-tenant-manager received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.

SkillShield's automated analysis identified 25 findings: 1 critical, 24 high, 0 medium, and 0 low severity. Key findings include Hidden network beacons / undisclosed telemetry, PowerShell Command Injection via Unsanitized Input in Generated Scripts.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 0/100, indicating areas for improvement.

Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

Static Code Analysis

100%

Dependency Graph

100%

LLM Behavioral Safety

70%

Behavioral Risk Signals

Network Access

25 findings

Filesystem Write

1 finding

Shell Execution

1 finding

Dynamic Code

1 finding

Excessive Permissions

1 finding

Security Findings25

Severity	Finding	Layer	Location
CRITICAL	PowerShell Command Injection via Unsanitized Input in Generated Scripts The Python scripts `scripts/powershell_generator.py` and `scripts/user_management.py` are designed to generate PowerShell scripts for Microsoft 365 administration. These Python scripts construct PowerShell commands by directly interpolating input values (e.g., policy names, user principal names, display names, department names) into double-quoted strings within the generated PowerShell code. This process lacks proper sanitization or escaping of special characters. If an attacker can control these input values (e.g., through a crafted CSV file or API call parameters), they can inject arbitrary PowerShell commands by including malicious syntax (e.g., `"; <malicious_command>; #"`) that breaks out of the string literal. When the generated PowerShell script is subsequently executed by a user (likely a Global Administrator), these injected commands would run with elevated privileges, leading to arbitrary code execution and potential tenant compromise. Implement robust input sanitization and escaping for all user-controlled or configuration-derived strings before interpolating them into the generated PowerShell scripts. For PowerShell, this typically involves escaping double quotes (`"` to `""`), backticks, and other special characters, or using safe string formatting methods. A more secure approach would be to pass parameters to the generated PowerShell scripts in a structured way (e.g., as script parameters) rather than embedding them directly into string literals, allowing PowerShell's parser to handle the values safely.	LLM	scripts/powershell_generator.py, scripts/user_management.py:55
HIGH	Hidden network beacons / undisclosed telemetry DNS query with variable subdomain (DNS exfiltration) Remove undisclosed network calls and telemetry. All outbound communication should be documented and necessary for the skill's stated purpose. BCC injection in email tools is almost always malicious.	Manifest	skills/alirezarezvani/ms365-tenant-manager/scripts/powershell_generator.py:90
HIGH	Hidden network beacons / undisclosed telemetry DNS query with variable subdomain (DNS exfiltration) Remove undisclosed network calls and telemetry. All outbound communication should be documented and necessary for the skill's stated purpose. BCC injection in email tools is almost always malicious.	Manifest	skills/alirezarezvani/ms365-tenant-manager/scripts/powershell_generator.py:91
HIGH	Hidden network beacons / undisclosed telemetry DNS query with variable subdomain (DNS exfiltration) Remove undisclosed network calls and telemetry. All outbound communication should be documented and necessary for the skill's stated purpose. BCC injection in email tools is almost always malicious.	Manifest	skills/alirezarezvani/ms365-tenant-manager/scripts/powershell_generator.py:157
HIGH	Hidden network beacons / undisclosed telemetry DNS query with variable subdomain (DNS exfiltration) Remove undisclosed network calls and telemetry. All outbound communication should be documented and necessary for the skill's stated purpose. BCC injection in email tools is almost always malicious.	Manifest	skills/alirezarezvani/ms365-tenant-manager/scripts/powershell_generator.py:181
HIGH	Hidden network beacons / undisclosed telemetry DNS query with variable subdomain (DNS exfiltration) Remove undisclosed network calls and telemetry. All outbound communication should be documented and necessary for the skill's stated purpose. BCC injection in email tools is almost always malicious.	Manifest	skills/alirezarezvani/ms365-tenant-manager/scripts/powershell_generator.py:204
HIGH	Hidden network beacons / undisclosed telemetry DNS query with variable subdomain (DNS exfiltration) Remove undisclosed network calls and telemetry. All outbound communication should be documented and necessary for the skill's stated purpose. BCC injection in email tools is almost always malicious.	Manifest	skills/alirezarezvani/ms365-tenant-manager/scripts/powershell_generator.py:213
HIGH	Hidden network beacons / undisclosed telemetry DNS query with variable subdomain (DNS exfiltration) Remove undisclosed network calls and telemetry. All outbound communication should be documented and necessary for the skill's stated purpose. BCC injection in email tools is almost always malicious.	Manifest	skills/alirezarezvani/ms365-tenant-manager/scripts/powershell_generator.py:232
HIGH	Hidden network beacons / undisclosed telemetry DNS query with variable subdomain (DNS exfiltration) Remove undisclosed network calls and telemetry. All outbound communication should be documented and necessary for the skill's stated purpose. BCC injection in email tools is almost always malicious.	Manifest	skills/alirezarezvani/ms365-tenant-manager/scripts/powershell_generator.py:254
HIGH	Hidden network beacons / undisclosed telemetry DNS query with variable subdomain (DNS exfiltration) Remove undisclosed network calls and telemetry. All outbound communication should be documented and necessary for the skill's stated purpose. BCC injection in email tools is almost always malicious.	Manifest	skills/alirezarezvani/ms365-tenant-manager/scripts/powershell_generator.py:265
HIGH	Hidden network beacons / undisclosed telemetry DNS query with variable subdomain (DNS exfiltration) Remove undisclosed network calls and telemetry. All outbound communication should be documented and necessary for the skill's stated purpose. BCC injection in email tools is almost always malicious.	Manifest	skills/alirezarezvani/ms365-tenant-manager/scripts/powershell_generator.py:272
HIGH	Hidden network beacons / undisclosed telemetry DNS query with variable subdomain (DNS exfiltration) Remove undisclosed network calls and telemetry. All outbound communication should be documented and necessary for the skill's stated purpose. BCC injection in email tools is almost always malicious.	Manifest	skills/alirezarezvani/ms365-tenant-manager/scripts/powershell_generator.py:273
HIGH	Hidden network beacons / undisclosed telemetry DNS query with variable subdomain (DNS exfiltration) Remove undisclosed network calls and telemetry. All outbound communication should be documented and necessary for the skill's stated purpose. BCC injection in email tools is almost always malicious.	Manifest	skills/alirezarezvani/ms365-tenant-manager/scripts/powershell_generator.py:274
HIGH	Hidden network beacons / undisclosed telemetry DNS query with variable subdomain (DNS exfiltration) Remove undisclosed network calls and telemetry. All outbound communication should be documented and necessary for the skill's stated purpose. BCC injection in email tools is almost always malicious.	Manifest	skills/alirezarezvani/ms365-tenant-manager/scripts/powershell_generator.py:275
HIGH	Hidden network beacons / undisclosed telemetry DNS query with variable subdomain (DNS exfiltration) Remove undisclosed network calls and telemetry. All outbound communication should be documented and necessary for the skill's stated purpose. BCC injection in email tools is almost always malicious.	Manifest	skills/alirezarezvani/ms365-tenant-manager/scripts/powershell_generator.py:278
HIGH	Hidden network beacons / undisclosed telemetry DNS query with variable subdomain (DNS exfiltration) Remove undisclosed network calls and telemetry. All outbound communication should be documented and necessary for the skill's stated purpose. BCC injection in email tools is almost always malicious.	Manifest	skills/alirezarezvani/ms365-tenant-manager/scripts/powershell_generator.py:279
HIGH	Hidden network beacons / undisclosed telemetry DNS query with variable subdomain (DNS exfiltration) Remove undisclosed network calls and telemetry. All outbound communication should be documented and necessary for the skill's stated purpose. BCC injection in email tools is almost always malicious.	Manifest	skills/alirezarezvani/ms365-tenant-manager/scripts/powershell_generator.py:283
HIGH	Hidden network beacons / undisclosed telemetry DNS query with variable subdomain (DNS exfiltration) Remove undisclosed network calls and telemetry. All outbound communication should be documented and necessary for the skill's stated purpose. BCC injection in email tools is almost always malicious.	Manifest	skills/alirezarezvani/ms365-tenant-manager/scripts/powershell_generator.py:357
HIGH	Hidden network beacons / undisclosed telemetry DNS query with variable subdomain (DNS exfiltration) Remove undisclosed network calls and telemetry. All outbound communication should be documented and necessary for the skill's stated purpose. BCC injection in email tools is almost always malicious.	Manifest	skills/alirezarezvani/ms365-tenant-manager/scripts/powershell_generator.py:421
HIGH	Hidden network beacons / undisclosed telemetry DNS query with variable subdomain (DNS exfiltration) Remove undisclosed network calls and telemetry. All outbound communication should be documented and necessary for the skill's stated purpose. BCC injection in email tools is almost always malicious.	Manifest	skills/alirezarezvani/ms365-tenant-manager/scripts/powershell_generator.py:423
HIGH	Hidden network beacons / undisclosed telemetry DNS query with variable subdomain (DNS exfiltration) Remove undisclosed network calls and telemetry. All outbound communication should be documented and necessary for the skill's stated purpose. BCC injection in email tools is almost always malicious.	Manifest	skills/alirezarezvani/ms365-tenant-manager/scripts/user_management.py:87
HIGH	Hidden network beacons / undisclosed telemetry DNS query with variable subdomain (DNS exfiltration) Remove undisclosed network calls and telemetry. All outbound communication should be documented and necessary for the skill's stated purpose. BCC injection in email tools is almost always malicious.	Manifest	skills/alirezarezvani/ms365-tenant-manager/scripts/user_management.py:116
HIGH	Hidden network beacons / undisclosed telemetry DNS query with variable subdomain (DNS exfiltration) Remove undisclosed network calls and telemetry. All outbound communication should be documented and necessary for the skill's stated purpose. BCC injection in email tools is almost always malicious.	Manifest	skills/alirezarezvani/ms365-tenant-manager/scripts/user_management.py:175
HIGH	Hidden network beacons / undisclosed telemetry DNS query with variable subdomain (DNS exfiltration) Remove undisclosed network calls and telemetry. All outbound communication should be documented and necessary for the skill's stated purpose. BCC injection in email tools is almost always malicious.	Manifest	skills/alirezarezvani/ms365-tenant-manager/scripts/user_management.py:190
HIGH	Hidden network beacons / undisclosed telemetry DNS query with variable subdomain (DNS exfiltration) Remove undisclosed network calls and telemetry. All outbound communication should be documented and necessary for the skill's stated purpose. BCC injection in email tools is almost always malicious.	Manifest	skills/alirezarezvani/ms365-tenant-manager/scripts/user_management.py:199

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/bdcc92f08d5fd69a.svg)](https://skillshield.io/report/bdcc92f08d5fd69a)