ClawHub

Mog

Security checks across malware telemetry and agentic risk

Overview

Mog is a coherent Microsoft 365 CLI, but it needs Review because it can change or delete live account data and stores OAuth tokens with weaker-than-described defaults.

Install only if you are comfortable giving this CLI broad delegated access to your Microsoft 365 account. Prefer an isolated or least-privileged Azure app, use keychain storage where possible, avoid running delete or clear commands through automation without human review, and treat ~/.config/mog/tokens.json as sensitive if file storage is used.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The documentation includes destructive operations such as delete, rm, clear, and update across mail, calendar, drive, tasks, contacts, and OneNote without warning users about irreversible effects or recommending confirmation safeguards. In a CLI that operates on live Microsoft 365 content, this increases the likelihood of accidental data loss, especially when used by autonomous agents or through copied examples.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The delete command immediately issues a destructive API call against `/me/events/{id}` with no confirmation prompt, dry-run mode, or explicit force flag. In a CLI handling live Microsoft 365 data, this increases the risk of accidental or scripted deletion of calendar events, especially when event IDs are copied incorrectly or commands are automated.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The delete command immediately issues `client.Delete` on the target contact ID with no confirmation, dry-run, or safety interlock. In a CLI that performs real account operations against Microsoft 365 data, this increases the chance of accidental or scripted irreversible deletion from mistyped IDs, unsafe automation, or prompt-injection-driven agent actions.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The write integration tests execute real create operations against a live Microsoft 365 environment and do not implement cleanup or present any explicit runtime warning that persistent data will be left behind. While gated by environment variables, an authorized user or CI job that enables these tests can unintentionally pollute tenant data, create confusing artifacts, and incur operational side effects.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The clear command performs a bulk destructive action by deleting all completed tasks in a list without any confirmation prompt, dry-run mode, or explicit force flag. In a CLI that operates against a live Microsoft 365 account, accidental invocation, scripting mistakes, or use against the wrong default list can cause irreversible data loss for the user.

Credential Access

High
Category
Privilege Escalation
Content
// SaveTokensAuto saves tokens using the current storage type.
func SaveTokensAuto(tokens *Tokens) error {
	switch CurrentStorage {
	case StorageKeyring:
		return SaveTokensKeyring(tokens)
	default:
		return SaveTokens(tokens)
Confidence
86% confidence
Finding
Keyring

Credential Access

High
Category
Privilege Escalation
Content
func SaveTokensAuto(tokens *Tokens) error {
	switch CurrentStorage {
	case StorageKeyring:
		return SaveTokensKeyring(tokens)
	default:
		return SaveTokens(tokens)
	}
Confidence
86% confidence
Finding
Keyring

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal