Openclaw Skill M365 Task Manager

The OpenClaw skill bundle is classified as benign. The `SKILL.md` provides clear, non-manipulative instructions for the AI agent and user. The `scripts/format-task-name.sh` is a simple, safe shell script for string formatting. The core logic in `scripts/m365-todo.mjs` uses official Microsoft authentication libraries (`@azure/msal-node`) to interact with the Microsoft Graph API for To Do tasks. It handles token caching in a standard user-specific cache directory (`~/.cache/openclaw/m365-task-manager-token.json`) and validates inputs where appropriate (e.g., date formats, resolving list IDs from the API). There is no evidence of data exfiltration, malicious execution, persistence mechanisms, or prompt injection attempts against the agent.