Skill v1.0.4

ClawScan security

Ms Todo Oauth · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 13, 2026, 8:41 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill appears to implement a Microsoft To Do CLI as described, but it contains a hard-coded Azure client credential (client_id/client_secret) baked into the package and a few documentation/test inconsistencies that warrant caution before installing or running it against your account.
Guidance
What to consider before installing or running this skill:

- The package explicitly contains an Azure client_id (visible) and, per SKILL.md, a client_secret embedded in scripts/ms-todo-oauth.py. Hard-coded client secrets in distributed code are risky: they may be leaked, abused, or revoked without your knowledge. Expect the code to use those credentials unless you replace them.
- Prefer creating your own Azure app registration and replacing the client_id/client_secret in the code (or better: modify the script to read client_id and client_secret from environment variables or a local config file). If you use the included secret, treat it as untrusted and rotate/revoke it after use.
- Tests will run real operations against your Microsoft account (create/delete lists, add/delete tasks). Run tests only on an account you control and are willing to let the test suite modify. Consider creating a disposable Microsoft account for testing.
- Inspect scripts/ms-todo-oauth.py yourself before running. Look for the client_secret literal (SKILL.md gives search strings like client_id="ca6ec244…" and client_secret="TwQ8Q…") and remove or replace it. Verify no other remote endpoints or data-exfiltration code exist (the README claims all API calls go to graph.microsoft.com, which matches the visible code, but double-check the rest of the file).
- The package documentation and test suite use 'uv run' in many examples; that wrapper may not be installed on your system. The package will still run with python3 directly, but tests/examples may fail if you follow docs verbatim.
- If you lack the ability to audit code, do not run this against your primary Microsoft account. Instead, run in an isolated environment and with credentials you can revoke.
- If you decide to proceed: (1) audit the repository for the hard-coded secret and remove or replace it, (2) adjust the code to read credentials from environment variables, (3) run tests on a disposable account, and (4) consider scanning the package with additional static analysis tools.

Review Dimensions

Purpose & Capability
note · The name/description match the code and dependencies: the package uses msal and graph.microsoft.com as expected for a Microsoft To Do CLI. However, the SKILL.md explicitly states there is a generated Azure Client ID and Secret embedded in scripts/ms-todo-oauth.py while the registry metadata lists no required credentials — this is an inconsistency (the embedded secret is related to the skill purpose but should not be treated as an innocuous 'no-credentials' package). The test suite and docs also frequently show the use of the 'uv run' wrapper even though the required binaries are declared as 'none'.
Instruction Scope
note · Runtime instructions stay within the expected scope: they direct an OAuth2 login flow, call Microsoft Graph endpoints, and persist a local token cache at ~/.mstodo_token_cache.json. The docs and tests explicitly instruct running an automated test suite that will create and delete lists in your Microsoft account — this is expected behavior for integration tests but important to know. The SKILL.md also instructs users to find and replace client_id/client_secret values in the Python script, which implies sensitive data is present inside the code rather than being injected via environment variables.
Install Mechanism
ok · There is no external install script; this is instruction-and-code only. Dependencies are declared in requirements.txt (msal, requests), which is proportional to the described functionality. No remote downloads or unusual install steps are present.
Credentials
concern · The package appears to include a built-in Azure Client ID (DEFAULT_CLIENT_ID is visible) and the SKILL.md warns that a client_secret is present in scripts/ms-todo-oauth.py. The skill declares no required env vars or primary credential, but the code uses msal.ConfidentialClientApplication (a confidential flow typically requiring a client_secret). Hard-coded client_secret values in source are disproportionate from a security perspective: they expose long-lived credentials and shift trust to whoever published this package. The script also persists tokens to ~/.mstodo_token_cache.json (expected for a CLI but persistent).
Persistence & Privilege
note · The skill persists OAuth tokens to ~/.mstodo_token_cache.json and registers an atexit handler to save the cache — standard for a CLI client. Flags show no 'always: true' and no requests to modify other skills or system-wide configurations. Autonomous invocation is allowed (default), which is normal; combined with the embedded credential this increases blast radius somewhat, but the skill itself does not request elevated system privileges.