v1.0.0

Microsoft To Do

Review

ClawScan verdict for this skill. Analyzed May 1, 2026, 5:25 AM.

Analysis

This is a coherent Microsoft To Do skill, but it should be reviewed because it can delete tasks or lists while bypassing confirmations and uses local Microsoft OAuth credentials.

Guidance

Before installing, be comfortable granting the CLI access to your Microsoft To Do account. Treat delete operations carefully: ask the agent to show the target task or list first, confirm explicitly, and avoid blanket use of no-confirmation deletion unless you are sure.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
- **Always use `-y`** with `rm` commands to skip confirmation

This makes the no-confirmation path the default for destructive delete commands, including task and list removal.

User impact: If the agent misunderstands a request or targets the wrong item, tasks or entire lists could be deleted without the CLI asking for confirmation.
Recommendation: Require explicit user confirmation before any delete operation, identify items by stable IDs where possible, and only use `-y` after the user has confirmed the exact task or list to remove.
Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
install spec
uv | package: microsoft-todo-cli | creates binaries: todo

The skill's runtime behavior depends on an external package rather than bundled code in the submitted artifacts.

User impact: Installing the skill means trusting the external CLI package that handles Microsoft authentication and account mutations.
Recommendation: Install from the expected package source, review the package/homepage before use, and keep the CLI updated from a trusted source.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Low | Confidence: High | Status: Note
references/setup.md
Add your credentials to `~/.config/microsoft-todo-cli/keys.yml`:

client_id: "your-application-client-id"
client_secret: "your-client-secret-value"

The skill requires Microsoft app credentials and an OAuth flow to access the user's Microsoft To Do account.

User impact: The CLI will have delegated access to the user's Microsoft To Do data, and local credential/token files should be protected.
Recommendation: Use a dedicated Azure app registration, store `keys.yml` and `token.json` securely, and revoke or rotate the app secret if the machine or files may be exposed.