Read and send emails, manage calendar events, and organize contacts. Search messages, handle attachments, and schedule meetings.
Source not yet analyzed — this grade rests on attested signals (CVEs, supply-chain) only. It is a floor: reading the code could raise it, not lower it.
- capability exposureinferred+35
- recent driftinferred+5
- tool safetyinferred+25
- trust mitigatorsmixed−8
inferredmixed
The A–E grade is our heuristic synthesis — a "review this" prompt, not a verdict. Each factor is tagged by what backs it: attested (a verifiable record), reported (a third party's claim), or inferred (our own heuristic, e.g. permissions). See methodology.
graded 9m ago · see ecosystem CVEs →
- C · 49 → C · 57
no known CVEs for this server.
- highexfiltration comboOUTLOOK_ADD_MAIL_ATTACHMENT
single tool reads + sends: fs, net
- highexfiltration comboOUTLOOK_CREATE_CONTACT
single tool reads + sends: fs, net
- highexfiltration comboOUTLOOK_CREATE_EMAIL_RULE
single tool reads + sends: fs, net
- highexfiltration comboOUTLOOK_CREATE_MAIL_FOLDER
single tool reads + sends: fs, net
- highexfiltration comboOUTLOOK_DELETE_MAIL_FOLDER
single tool reads + sends: fs, net
- highexfiltration comboOUTLOOK_DOWNLOAD_OUTLOOK_ATTACHMENT
single tool reads + sends: fs, net
- highexfiltration comboOUTLOOK_GET_MAIL_DELTA
single tool reads + sends: fs, net, secrets
- highexfiltration comboOUTLOOK_LIST_MESSAGES
single tool reads + sends: fs, net
- highexfiltration comboOUTLOOK_QUERY_EMAILS
single tool reads + sends: fs, net, db
- highexfiltration comboOUTLOOK_SEND_EMAIL
single tool reads + sends: fs, net
- highexfiltration comboOUTLOOK_UPDATE_EMAIL_RULE
single tool reads + sends: fs, net
- hightoxic flow (lethal trifecta)OUTLOOK_ADD_MAIL_ATTACHMENT
single tool reads private data, ingests untrusted content, and reaches the network: fs, net
- hightoxic flow (lethal trifecta)OUTLOOK_CREATE_EMAIL_RULE
single tool reads private data, ingests untrusted content, and reaches the network: fs, net
- hightoxic flow (lethal trifecta)OUTLOOK_DOWNLOAD_OUTLOOK_ATTACHMENT
single tool reads private data, ingests untrusted content, and reaches the network: fs, net
- hightoxic flow (lethal trifecta)OUTLOOK_GET_MAIL_DELTA
single tool reads private data, ingests untrusted content, and reaches the network: fs, net, secrets
- hightoxic flow (lethal trifecta)OUTLOOK_LIST_MESSAGES
single tool reads private data, ingests untrusted content, and reaches the network: fs, net
- hightoxic flow (lethal trifecta)OUTLOOK_QUERY_EMAILS
single tool reads private data, ingests untrusted content, and reaches the network: fs, net, db
- hightoxic flow (lethal trifecta)OUTLOOK_SEARCH_MESSAGES
single tool reads private data, ingests untrusted content, and reaches the network: net, db
- hightoxic flow (lethal trifecta)OUTLOOK_SEND_EMAIL
single tool reads private data, ingests untrusted content, and reaches the network: fs, net
- hightoxic flow (lethal trifecta)OUTLOOK_UPDATE_EMAIL_RULE
single tool reads private data, ingests untrusted content, and reaches the network: fs, net
- lowexfiltration comboOUTLOOK_SEARCH_MESSAGES
single tool reads + sends: net, db
- recent drift+5 capability drift →
[](https://mcpobservatory.com/servers/smithery:outlook/security) Heuristic, inferred signals — false positives (legitimately powerful tools, forks, language ports) are expected. Treat each as "review this", not a verdict. See the ecosystem-wide picture on the security hub, or the fleet security of outlook.