Skillv1.0.2

ClawScan security

ms-todo-sync · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignFeb 11, 2026, 9:29 AM

Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary: The skill's code, docs, and runtime behavior are consistent with a Microsoft To Do CLI backed by Microsoft Graph; it requests no unrelated credentials and only stores OAuth tokens locally, but the provided source was partially truncated so full-file review is incomplete.
Guidance: This skill appears to be what it claims: a Microsoft To Do CLI that uses MSAL device-code flow and stores tokens locally. Before installing: (1) review the full scripts/ms-todo-sync.py file yourself (the provided file preview was truncated here), (2) run in an isolated Python virtualenv (uv or pip install -r requirements.txt) rather than globally, (3) be aware the token cache (~/.mstodo_token_cache.json) is stored unencrypted—treat it like a password and delete or revoke tokens when no longer needed, (4) if you prefer, register your own Azure AD app and supply your own client ID instead of using the built-in default, and (5) confirm network calls are only to microsoftonline.com / graph.microsoft.com during your review. If you cannot review the full code, exercise caution or request the complete source before use.

Review Dimensions

Purpose & Capability: okName/description match the actual behavior: the package uses msal and requests to call Microsoft Graph, provides device-code login, and implements list/task operations. Declared dependencies (msal, requests) and Python >=3.9 are proportionate. A default public client ID is included (common for CLI tools) and is plausible for the stated purpose.
Instruction Scope: okSKILL.md's runtime instructions are narrowly scoped to installing dependencies, running the CLI, and performing a device-code login flow. Instructions reference only local token cache files (~/.mstodo_token_cache.json and ~/.mstodo_device_flow.json) and Microsoft endpoints; they do not instruct reading unrelated system files, scanning environment variables, or posting data to unexpected endpoints.
Install Mechanism: noteThere is no automated install spec in the registry entry (instruction-only), but the repository includes pyproject/requirements and a Python script. Installation is manual via uv or pip as documented — low-risk if the user inspects the code. Note: the registry entry lacking an automated install spec while shipping code is not dangerous by itself but means users must run installs themselves.
Credentials: noteThe skill does not request environment variables or extra credentials beyond OAuth device flow, which is appropriate. It does persist token and device-flow JSON files in the user's home directory in plaintext; this is expected for a simple CLI but is sensitive (tokens grant Tasks.Read/Tasks.ReadWrite scopes) and users should protect those files and consider using their own app/client ID if desired.
Persistence & Privilege: okThe skill does not request elevated or platform-wide privileges, and always:false. It registers an atexit cache-save handler and writes only its own token/device-flow files under the user's home directory. It does not modify other skills or system-wide agent configs (based on visible code).