Microsoft To Do

Security checks across malware telemetry and agentic risk

Overview

This Microsoft To Do skill uses disclosed OAuth sign-in and local token caching to manage To Do tasks, with a real but manageable credential-storage hardening gap.

Install only if you are comfortable granting Microsoft Graph To Do access and storing OAuth tokens locally. Keep the config directory private, avoid sharing token.json or device_code.json, delete token.json when you stop using the skill, and prefer owner-only file permissions or OS credential storage if adapting the helper.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The script persists OAuth device-code and token responses to disk, including refresh and access tokens, but does not set restrictive file permissions or clearly warn the user that bearer credentials are being stored locally. In an agent/skill context, local token files can be reused by other local processes or users if the config directory is shared, backed up, or created with permissive defaults, enabling unauthorized access to the user's Microsoft To Do data.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal