ClawHub

Microsoft To Do

v1.0.2

Microsoft To Do API integration with managed OAuth. Manage task lists, tasks, checklist items, and linked resources. Use this skill when users want to create, read, update, or delete tasks and task lists in Microsoft To Do. For other third party apps, use the api-gateway skill (https://clawhub.ai/byungkyu/api-gateway). Requires network access and valid Maton API key.

7· 4.7k·7 current·7 all-time
by@byungkyu
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name/description promise a Microsoft To Do integration; the SKILL.md directs traffic to a Maton gateway (gateway.maton.ai) and Maton control endpoints (ctrl.maton.ai, connect.maton.ai). The single required env var (MATON_API_KEY) is directly used to authorize those requests—this is coherent with the stated purpose.
Instruction Scope
All runtime instructions are explicit HTTP requests to Maton gateway/control endpoints and sample Python snippets that only read os.environ['MATON_API_KEY']. There are no instructions to read arbitrary local files, other env vars, or to exfiltrate data to unexpected endpoints beyond Maton domains. OAuth completion requires opening a Maton-provided URL in a browser (expected for delegated auth).
Install Mechanism
This is an instruction-only skill with no install spec and no code files to execute. No packages/binaries are installed or downloaded by the skill itself.
Credentials
The skill only requests MATON_API_KEY which is consistent with using Maton's managed OAuth gateway. However, that API key is high-privilege: Maton will proxy calls to your Microsoft account and can read/write tasks. The SKILL.md does not label MATON_API_KEY as a primary credential but uses it as such. Users should ensure they trust Maton and limit/rotate the key as appropriate.
Persistence & Privilege
The skill does not set always:true (good). It also does not set disable-model-invocation, so the platform's default allows the model to invoke the skill autonomously; when invoked, the skill will use the MATON_API_KEY. If you do not want the AI to autonomously access your tasks, consider requiring explicit user invocation or disabling model invocation for this skill.
Assessment
This skill appears internally consistent: it uses a Maton API gateway to access Microsoft To Do and only needs MATON_API_KEY. Before installing, confirm you trust maton.ai (the gateway) because that service will hold and use OAuth tokens to access your Microsoft account. The skill has no install steps (no code is downloaded), but the API key grants read/write access to tasks—use least-privilege or a dedicated key, rotate it if possible, and consider disabling autonomous model invocation if you don't want the agent to access your tasks without explicit requests. Also note the skill's source/homepage are missing; if you require stronger provenance, ask the publisher for contact or documentation before use.

Like a lobster shell, security has layers — review code before you run it.

latestvk977cxnhzhas26k7b8z58nyjgx80xrjr

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🧠 Clawdis
EnvMATON_API_KEY

Comments