Microsoft To Do

Security checks across malware telemetry and agentic risk

Overview

This skill matches its Microsoft To Do purpose, but it should be reviewed because it tells agents to bypass delete confirmations and gives weak handling guidance for Microsoft OAuth secrets.

Install only if you trust the upstream `microsoft-todo-cli` package and are comfortable granting it Microsoft To Do access. Before any delete operation, require the agent to show the exact task or list and get explicit confirmation, preferably using stable IDs. Treat `keys.yml` and OAuth tokens as secrets: restrict file permissions, do not print or share them, and rotate the Azure app secret if exposed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill documents destructive deletion commands and explicitly instructs always using `-y` to suppress confirmation, which increases the chance that an agent or user will irreversibly delete tasks or lists without a safety checkpoint. In this context, the danger is amplified because task/list identifiers can be unstable by index or name, so an automated delete may target the wrong item.

Missing User Warnings

Medium
Confidence: 88%
Finding
The skill tells users to store credentials in `~/.config/microsoft-todo-cli/keys.yml` and complete an OAuth flow, but provides no warning that these are sensitive secrets requiring careful handling. In an agent setting, this can lead to accidental exposure of client secrets, tokens, or config contents through logs, screenshots, command output, or over-broad file access.

Missing User Warnings

Medium
Confidence: 95%
Finding
The setup instructions direct users to place a long-lived OAuth client secret in a plaintext file under their home directory without any warning about credential sensitivity, file permissions, encryption, or safer alternatives. If the file is read by another local user, malware, backups, or accidentally committed/shared, an attacker could impersonate the registered application and abuse Microsoft API access tied to that app configuration.

VirusTotal

66/66 vendors flagged this skill as clean.
