Openclaw Skill M365 Task Manager

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it lets a user manage Microsoft To Do tasks through Microsoft Graph, but it stores reusable Microsoft sign-in tokens locally.

Install only if you are comfortable granting delegated Microsoft Graph access to read and modify your Microsoft To Do tasks. Use a least-privilege Entra app registration, keep the token cache private, delete the cache or revoke app access when finished, and confirm task IDs carefully before update or delete commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill explicitly instructs users to cache OAuth tokens on disk and exposes destructive CRUD actions, including task deletion, without clear warnings about persistent credential storage, filesystem protection, or the consequences of deleting tasks. In a Microsoft 365 context, cached delegated tokens may be reused by other local processes or users if the cache file is inadequately protected, and deletion operations can cause unexpected data loss.

Missing User Warnings

Medium
Confidence: 91%
Finding
The playbook explicitly recommends reusing a delegated Microsoft Graph token from a local file for unattended access after initial login, but provides no guidance on securing that cache, limiting its lifetime, or handling privacy implications. A locally persisted refresh/access token can be stolen by other local users, malware, backups, or accidental sharing, enabling unauthorized access to the user's Microsoft 365 data with the delegated scopes previously granted.

VirusTotal

64/64 vendors flagged this skill as clean.