Outlook Automation plugin
Outlook Automation plugin
Overview
The Outlook Automation plugin provides enterprise-grade email automation from within Claude Code. It uses secure credential management with the system keychain and resilient browser automation to read, search, and process Outlook emails. The plugin supports two-factor authentication, chronological email processing, and AI-powered task extraction.
The plugin operates in read-only mode by default. Write operations such as sending, deleting, or forwarding emails are architecturally prevented and require explicit security validation with user confirmation.
Version: 7.4.1 Author: Thomas Hudak
Installation
claude plugin install outlook-automation@otc-awesome-llm
Prerequisites
- Python 3.8 or later
- The
keyringpackage for system keychain integration - A browser automation runtime (agent-browser)
pip install keyring
Authentication
The plugin stores credentials in the operating system's native keychain. Passwords are never written to plaintext files.
First-time setup
python scripts/outlook_login.py --setup
The setup wizard prompts for:
- Your email address.
- Your password (hidden input).
Both values are stored in the system keychain.
Logging in
# First login (visible browser for 2FA)
python scripts/outlook_login.py
# Use saved authentication state for subsequent logins
python scripts/outlook_login.py --use-saved-auth
# Headless mode (after initial 2FA is complete)
python scripts/outlook_login.py --headless
The browser automation uses a multi-strategy element selection approach with primary selectors, CSS fallbacks, and semantic locators to handle Outlook UI changes gracefully.
Capabilities
Skill trigger phrases
The skill activates when Claude detects phrases such as:
- "check my emails"
- "create email digest"
- "extract tasks from emails"
- "login to outlook"
- "automate outlook"
- "email automation"
Email digest creation
Generate a categorized summary of your inbox:
# Generate digest
python scripts/email_digest.py
# Write to a specific file
python scripts/email_digest.py --output ~/Documents/email_summary.md
# Print to terminal
python scripts/email_digest.py --print
Task extraction for Claude
Extract actionable tasks from emails and format them as Claude-ready prompts:
# Extract all tasks
python scripts/task_converter.py
# Filter by priority level
python scripts/task_converter.py --priority high
# Output as JSON
python scripts/task_converter.py --output-format json
# Process more emails
python scripts/task_converter.py --max-emails 50
The task extractor generates structured output with sender context, timestamps, action items, and ready-to-use Claude prompts for each extracted task.
Chronological email processing
Process large email backlogs from oldest to newest with skip and resume capability:
# Process up to 250 emails
python scripts/chronological_processor.py --max-emails 250
# Resume a previously interrupted session (automatic)
python scripts/chronological_processor.py
# Configure skip criteria
python scripts/chronological_processor.py --skip-long 10000 --skip-attachments 5
# Skip emails from specific senders
python scripts/chronological_processor.py --skip-sender "noreply@" --skip-sender "notifications@"
# Review previously skipped emails
python scripts/chronological_processor.py --review-skipped
# Dry run to preview what would be processed
python scripts/chronological_processor.py --dry-run
Processing state is saved every 10 emails to
~/.outlook-automation/chronological_state.json, allowing you to interrupt and
resume at any time.
Skip queue management
Emails are automatically skipped based on configurable criteria:
| Criteria | Default |
|---|---|
| Body length threshold | 5000 characters |
| Attachment count | More than 3 attachments |
| Sender patterns | noreply@, notifications@ |
| Subject patterns | "Newsletter", "Automated" |
Configuration
Create a configuration file at ~/.outlook-automation/config.json:
{
"email": "[email protected]",
"task_conversion": {
"keywords": ["TODO", "action required", "urgent"],
"priority_indicators": {
"high": ["urgent", "ASAP", "critical"],
"medium": ["important", "priority"],
"low": ["when you can", "no rush"]
}
},
"digest_settings": {
"max_emails_per_category": 5,
"exclude_domains": ["noreply@", "notifications@"]
}
}
Protect the configuration directory:
mkdir -p ~/.outlook-automation
chmod 700 ~/.outlook-automation
chmod 600 ~/.outlook-automation/config.json
Security architecture
The plugin implements multiple layers of protection:
| Layer | Component | Purpose |
|---|---|---|
| Credential storage | secure_credentials.py | System keychain integration, email validation, password strength checking |
| Operation validation | security_validator.py | Classifies operations as READ/WRITE/DELETE/SEND, enforces confirmation |
| Content sanitization | email_sanitizer.py | Neutralizes prompt injection in email content |
| Browser client | outlook_client.py | Fail-closed architecture, no shell injection (shell=False with shlex.split()) |
| Audit logging | security_validator.py | Timestamps and logs all operations with rate limiting |
Shadow prompting protection
Email content is automatically sanitized against prompt injection attacks. The sanitizer detects 20+ known techniques including:
- Direct instruction overrides ("ignore all previous instructions").
- Hidden instructions in HTML comments or invisible Unicode characters.
- Role confusion attempts.
- Code block injections disguised as samples.
- Context manipulation through subtle behavioral changes.
Each email receives a risk score:
| Level | Description |
|---|---|
| Low | Clean email with no detected threats |
| Medium | Minor suspicious patterns |
| High | Multiple threat indicators or known attack patterns |
| Critical | Clear prompt injection attempt requiring special handling |
High-risk emails are wrapped with prominent warnings before being presented to the user.
Included scripts
| Script | Purpose |
|---|---|
secure_credentials.py | System keychain credential management with validation |
security_validator.py | Write operation protection and audit logging |
email_sanitizer.py | Shadow prompting protection and content sanitization |
outlook_client.py | Secure email client with fail-safe architecture |
outlook_login.py | Secure login with 2FA support |
email_digest.py | Intelligent email categorization and summarization |
task_converter.py | AI-powered task extraction for Claude |
chronological_processor.py | Process emails chronologically with skip capability |
Comparison with Teams Automation
| Aspect | Outlook Automation | Teams Automation |
|---|---|---|
| Authentication | Browser automation with keychain | OAuth2 with Azure AD tokens |
| Data source | Emails from inbox and folders | Messages from channels and chats |
| Platform support | Requires browser runtime | Cross-platform via Graph API |
| Message format | HTML emails | Markdown and Adaptive Cards |
| Security model | Same fail-safe architecture | Same fail-safe architecture |
Troubleshooting
| Symptom | Cause | Fix |
|---|---|---|
| "No credentials found" | First-time setup not completed | Run python outlook_login.py --setup |
| "Security validator not found" | Missing script files | Reinstall the plugin |
| "Element not found" | Outlook UI changed | Update selectors in outlook_client.py |
| "Session expired" | Authentication state stale | Run python outlook_login.py to re-authenticate |
Related
- Plugin catalog -- Overview of all available plugins
- Teams Automation plugin -- Teams counterpart using the same security architecture