
M365 Unified

by @felox63

Unified Microsoft 365 skill for OpenClaw with modular features for Exchange Online (Email), SharePoint, OneDrive, and Planner. Supports webhooks for real-tim...

💡 Examples

1. Install Dependencies

cd m365-unified
npm install

2. Run Setup Wizard

npm run setup

or

node scripts/setup-wizard.js

The interactive wizard will:

  • Ask which features you need (Email, SharePoint, OneDrive, Planner, Webhooks)
  • Generate a personalized .env file with placeholders
  • Provide a checklist for Azure AD app registration
  • Show required API permissions based on your selections
  • Guide you through mailbox access restrictions
3. Configure Azure AD App Registration

    #### Step 1: Create App Registration

    1. Go to Azure Portal → Azure Active Directory → App registrations
    2. Click New registration
    3. Name: m365-unified-skill (or your choice)
    4. Supported account types: Single tenant
    5. Redirect URI: Leave empty (not needed for app-only auth)
    6. Click Register

    #### Step 2: Create Client Secret

    1. In your app registration → Certificates & secrets
    2. Click New client secret
    3. Description: m365-unified-secret
    4. Expires: Choose 12-24 months
    5. Click Add
    6. ⚠️ IMPORTANT: Copy the secret value immediately (you can't see it again!)

    #### Step 3: Configure API Permissions

    1. In your app registration → API permissions
    2. Click Add a permission → Microsoft Graph
    3. Select Application permissions (NOT delegated!)
    4. Add the permissions you need:

    | Feature | Permissions |
    |---------|-------------|
    | Email (read) | Mail.Read |
    | Email (send) | Mail.Send |
    | Email (full) | Mail.ReadWrite |
    | SharePoint | Sites.ReadWrite.All |
    | OneDrive | Files.ReadWrite.All |
    | Planner | Tasks.ReadWrite, Group.Read.All |
    | Webhooks | User.Read (minimum for validation) |

    5. Click Grant admin consent for [Your Tenant] (admin action required)

    #### Step 4: Copy IDs

    From the app registration Overview page, copy:

  • Application (client) ID → M365_CLIENT_ID
  • Directory (tenant) ID → M365_TENANT_ID

4. Configure Environment

    Copy the template and fill in your values:

    cp config/template.env .env
    

    Edit .env:

    # Required - Authentication
    M365_TENANT_ID=""
    M365_CLIENT_ID=""
    M365_CLIENT_SECRET=""

    # Optional - Feature Toggles
    M365_ENABLE_EMAIL=true
    M365_ENABLE_SHAREPOINT=false
    M365_ENABLE_ONEDRIVE=false
    M365_ENABLE_PLANNER=false
    M365_ENABLE_WEBHOOKS=false

    # Optional - Module Config
    M365_MAILBOX="user@domain.com"
    M365_SHARED_MAILBOXES="team1@domain.com,team2@domain.com"
    M365_SHAREPOINT_SITE_ID=".sharepoint.com,,"
    M365_PLANNER_GROUP_ID=""
    M365_WEBHOOK_URL="https://your-domain.com/webhook/m365"
    M365_WEBHOOK_SECRET=""

    5. Test Connection

    npm test
    

    or

    node scripts/test-connection.js

    📋 Tips & Best Practices

    1. Never commit .env - Already in .gitignore
    2. Use app-only permissions (not delegated) for automated tasks
    3. Restrict mailbox access via Azure AD app assignment
    4. Rotate secrets every 12-18 months
    5. Monitor sign-in logs in Azure AD regularly
    6. Use HTTPS for webhook endpoints
    7. Validate webhook signatures with client state secret
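Tip 7 worked through as an added example (not the skill's own code): the decision logic for a Microsoft Graph change-notification endpoint, covering the subscription validation handshake and the constant-time clientState check. The names handleGraphWebhook and safeEqual, the framework-neutral request shape, and the use of M365_WEBHOOK_SECRET as the subscription's clientState are assumptions; the sample notification is constructed.

```javascript
// Added example: decision logic for a Microsoft Graph change-notification endpoint.
const { createHash, timingSafeEqual } = require('node:crypto');

// Constant-time string comparison; hashing first gives equal-length buffers.
function safeEqual(a, b) {
  const ha = createHash('sha256').update(String(a)).digest();
  const hb = createHash('sha256').update(String(b)).digest();
  return timingSafeEqual(ha, hb);
}

// req: { query, body } as a web framework would supply them (assumed shape).
// expectedState: value of M365_WEBHOOK_SECRET, assumed to be what was sent
// as clientState when the subscription was created.
// Returns { status, contentType?, body?, accepted } without doing any I/O.
function handleGraphWebhook(req, expectedState) {
  if (!expectedState) throw new Error('M365_WEBHOOK_SECRET is not set');

  // 1. Subscription handshake: Graph sends ?validationToken=... and expects
  //    the token echoed back as text/plain with a 200.
  const token = req.query && req.query.validationToken;
  if (typeof token === 'string' && token.length > 0) {
    return { status: 200, contentType: 'text/plain', body: token, accepted: [] };
  }

  // 2. Change notifications arrive as { value: [ ... ] }.
  const items = req.body && Array.isArray(req.body.value) ? req.body.value : null;
  if (!items || items.length === 0) return { status: 400, accepted: [] };

  // 3. Keep only notifications whose clientState matches our secret.
  const accepted = items.filter(
    (n) => typeof n.clientState === 'string' && safeEqual(n.clientState, expectedState)
  );
  // Acknowledge with 202 either way; the response does not say what was dropped.
  return { status: 202, accepted };
}

// Constructed sample input (not real tenant data).
const SECRET = 'constructed-client-state-value';
const sample = {
  query: {},
  body: { value: [
    { subscriptionId: 'sub-1', changeType: 'created', resource: 'Users/u1/Messages/m1', clientState: SECRET },
    { subscriptionId: 'sub-1', changeType: 'created', resource: 'Users/u1/Messages/m2', clientState: 'wrong' },
    { subscriptionId: 'sub-1', changeType: 'created', resource: 'Users/u1/Messages/m3' },
  ] },
};
console.log(handleGraphWebhook(sample, SECRET).accepted.map((n) => n.resource));
```

Only the entries in `accepted` should be passed on for processing; a notification with a missing or mismatched clientState is dropped.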

    Mailbox Access Restrictions

    By default, Mail.ReadWrite grants access to ALL mailboxes in the tenant. To restrict:

    #### Option 1: Azure AD App Assignment (Recommended)

    1. Azure AD → Enterprise Apps → Your App → Users and groups
    2. Add ONLY the users/mailboxes that should have access
    3. Remove "All users" if present

    #### Option 2: Application Access Policies (Exchange PowerShell)

    # Create security group with specific mailboxes
    New-DistributionGroup -Name "M365AppAccess" -Type Security

    # Add mailboxes to group
    Add-DistributionGroupMember -Identity "M365AppAccess" -Member "user@domain.com"

    # Create access policy
    New-ApplicationAccessPolicy -AppId "CLIENT-ID" -PolicyScopeGroupId "M365AppAccess" -AccessRight RestrictAccess

    Permission Scopes Reference

    | Feature | Minimum Permissions | Recommended |
    |---------|-------------------|-------------|
    | Email (read) | Mail.Read | Mail.Read |
    | Email (send) | Mail.Send | Mail.Send |
    | Email (full) | Mail.ReadWrite | Mail.ReadWrite |
    | SharePoint | Sites.Read.All | Sites.ReadWrite.All |
    | OneDrive | Files.Read.All | Files.ReadWrite.All |
    | Planner | Tasks.Read, Group.Read | Tasks.ReadWrite, Group.Read.All |
    | Webhooks | User.Read | User.Read |

    clawhub install m365-unified
