Skip to content

juhap/o365-skill

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Skill for accessing Office 365 email

This is a Python script and skill for AI agents that provides read-only access to Microsoft 365 email boxes. This project is not affiliated with, endorsed by, or sponsored by Microsoft.

Skill requires an application registration on your Entra. Once registered as an app, you can then use the skill and give access rights to your inbox.

SECURITY NOTE: Even though the skill only gets read-only access to your emails, it can still do serious damage. Consider all the services where you can reset your password by requesting a confirmation link to your email. Giving an agent access to your email can be dangerous in ways you can't imagine.

SECURITY NOTE 2: Accessing the emails requires managing access tokens. Due to way the script works, these need to be stored somewhere between executions. In this case they are stored in temporary folder. They are encrypted, but the agent holds the encryption key. This does not provide true safety, but may help in some cases where old files are left laying around.

Seal of approval - 100% vibe coded

Installing the skill

Copy the o365 -folder to your agent's skills -directory.

Configuring email access

Before using this skill, you need to register an app on Microsoft Entra and obtain client id. This requires admin privileges to your Entra.

1. View Entra applications

Navigate to https://entra.microsoft.com/

From the left menu select App registrations

Entra menu - app registrations

2. Create a new app

Select New registration

Select new registration

Enter a name for this app. You can use any name. Probably a good idea to use something that is not too generic so that it's easy to recognize this in the lists and authentication dialogs.

Enter application name

3. Allow public client flow

On the authentication, enable "Allow public client flows"

Configure authentication

4. Configure API permissions

Next you need to setup the permissions for the app.

Start by selecting Microsoft Graph

API permissions - Microsoft graph

Add the necessary permissions. The skill requires following permissions:

  • Mail.Read
  • offline_access
  • User.Read

API permissions - add permission

Once done, the app should have these permissions

API permissions - list

5. Pick up the client_id

Go back to the overview page and take a note of the "Application (client) ID". You need to pass this to the skill so that it can do authentication

Application info, client id

Python dependencies

The script encrypts tokens using the cryptography package, and stores the encrypted data in the OS temp directory. Install the dependency:

pip install cryptography

When you run auth start or auth login, the script prints a Session key. Keep it secret and pass it on every subsequent call using --session-key or the O365CLIENT_SESSION_KEY environment variable. If the key is lost, re-authenticate.

Feedback

Contact me via email at [email protected] or via X @jpalomak, or juhapalomaki.fi

About

Python script and skill for AI agents that provides read-only access to Microsoft 365 email boxes.

Resources

Stars

1 star

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors

Languages