ms-todo-sync

Review

Audited by ClawScan on May 1, 2026.

Overview

The skill appears to be the Microsoft To Do command-line client it discloses itself as, but it needs Microsoft task read/write access, stores a local token cache, and includes destructive task/list commands that users should approve carefully.

This looks like a purpose-aligned Microsoft To Do CLI. Before installing, understand that it can read and change your To Do lists and tasks after you sign in, and it stores a local login cache. Be careful with delete commands, especially any command using '-y', and consider using locked dependency versions for reproducible installation.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing and using the skill can allow the local CLI to read and modify Microsoft To Do data for the signed-in account until the cached login is cleared or expires.

Why it was flagged

The skill requests Microsoft To Do read/write permissions and stores an MSAL token cache in the user's home directory.

Skill content

self.scopes = ["Tasks.Read", "Tasks.ReadWrite"] ... cache_file = os.path.join(Path.home(), ".mstodo_token_cache.json")

Recommendation

Only sign in with the intended Microsoft account, review the permissions shown during Microsoft login, and use the documented logout command if you want to clear the cached login.

What this means

A mistaken or overly broad command could delete task lists or tasks from the user's Microsoft To Do account.

Why it was flagged

The documented CLI can delete Microsoft To Do lists and includes an option to bypass confirmation.

Skill content

uv run scripts/ms-todo-sync.py delete-list "<name>" [-y] ... `-y, --yes` ... Skip confirmation prompt ... This is a destructive operation

Recommendation

Require explicit user confirmation before deletion, avoid using '-y' unless the user specifically asks for it, and verify the target list or task before running destructive commands.

What this means

Dependency behavior could change over time depending on which versions pip or uv installs.

Why it was flagged

The required Python packages are purpose-aligned but are not pinned to exact versions, so future installs may resolve to different package versions.

Skill content

msal>=1.34.0 ... requests>=2.32.5 ... For reproducible builds, consider using 'pip freeze' or 'uv lock' to generate exact versions

Recommendation

Prefer installing from a locked dependency set when possible, or review resolved package versions before use.