Back to skill
Skillv1.0.2
VirusTotal security
ms-todo-sync · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 30, 2026, 3:36 AM
- Hash
- c558cb6d735b492ad5a92ce4971cca695cc031430c15069e60469d1ce2972ce5
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: ms-todo-sync Version: 1.0.2 The OpenClaw skill 'ms-todo-sync' is a benign CLI tool designed to manage Microsoft To Do tasks via the Microsoft Graph API. The code and documentation align perfectly with its stated purpose, utilizing the official Microsoft Authentication Library (MSAL) for secure authentication and directing all API calls to legitimate Microsoft Graph endpoints. There is no evidence of data exfiltration, malicious execution, persistence mechanisms beyond token caching, or obfuscation. The `SKILL.md` explicitly instructs the agent to handle destructive operations and authentication with user confirmation, mitigating prompt injection risks for these sensitive actions. The hardcoded client ID is a public identifier for Microsoft Graph API samples, not a secret, and poses no security threat.
- External report
- View on VirusTotal