← Back to Skills Marketplace
1324
Downloads
0
Stars
2
Active Installs
2
Versions
Install in OpenClaw
/install ms-todo-sync
Description
A CLI skill to manage Microsoft To Do tasks via Microsoft Graph API. Supports listing, creating, completing, deleting, searching tasks and lists, viewing overdue/today/pending tasks, and exporting data.
Usage Guidance
This skill appears to be what it claims: a Microsoft To Do CLI that uses MSAL device-code flow and stores tokens locally. Before installing: (1) review the full scripts/ms-todo-sync.py file yourself (the provided file preview was truncated here), (2) run in an isolated Python virtualenv (uv or pip install -r requirements.txt) rather than globally, (3) be aware the token cache (~/.mstodo_token_cache.json) is stored unencrypted—treat it like a password and delete or revoke tokens when no longer needed, (4) if you prefer, register your own Azure AD app and supply your own client ID instead of using the built-in default, and (5) confirm network calls are only to microsoftonline.com / graph.microsoft.com during your review. If you cannot review the full code, exercise caution or request the complete source before use.
Capability Analysis
Type: OpenClaw Skill
Name: ms-todo-sync
Version: 1.0.2
The OpenClaw skill 'ms-todo-sync' is a benign CLI tool designed to manage Microsoft To Do tasks via the Microsoft Graph API. The code and documentation align perfectly with its stated purpose, utilizing the official Microsoft Authentication Library (MSAL) for secure authentication and directing all API calls to legitimate Microsoft Graph endpoints. There is no evidence of data exfiltration, malicious execution, persistence mechanisms beyond token caching, or obfuscation. The `SKILL.md` explicitly instructs the agent to handle destructive operations and authentication with user confirmation, mitigating prompt injection risks for these sensitive actions. The hardcoded client ID is a public identifier for Microsoft Graph API samples, not a secret, and poses no security threat.
Capability Assessment
Purpose & Capability
Name/description match the actual behavior: the package uses msal and requests to call Microsoft Graph, provides device-code login, and implements list/task operations. Declared dependencies (msal, requests) and Python >=3.9 are proportionate. A default public client ID is included (common for CLI tools) and is plausible for the stated purpose.
Instruction Scope
SKILL.md's runtime instructions are narrowly scoped to installing dependencies, running the CLI, and performing a device-code login flow. Instructions reference only local token cache files (~/.mstodo_token_cache.json and ~/.mstodo_device_flow.json) and Microsoft endpoints; they do not instruct reading unrelated system files, scanning environment variables, or posting data to unexpected endpoints.
Install Mechanism
There is no automated install spec in the registry entry (instruction-only), but the repository includes pyproject/requirements and a Python script. Installation is manual via uv or pip as documented — low-risk if the user inspects the code. Note: the registry entry lacking an automated install spec while shipping code is not dangerous by itself but means users must run installs themselves.
Credentials
The skill does not request environment variables or extra credentials beyond OAuth device flow, which is appropriate. It does persist token and device-flow JSON files in the user's home directory in plaintext; this is expected for a simple CLI but is sensitive (tokens grant Tasks.Read/Tasks.ReadWrite scopes) and users should protect those files and consider using their own app/client ID if desired.
Persistence & Privilege
The skill does not request elevated or platform-wide privileges, and always:false. It registers an atexit cache-save handler and writes only its own token/device-flow files under the user's home directory. It does not modify other skills or system-wide agent configs (based on visible code).
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install ms-todo-sync - After installation, invoke the skill by name or use
/ms-todo-sync - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.2
- Removed the README.md file from the project.
- SKILL.md: Expanded and clarified installation and setup instructions.
- Added details on dependencies, environment verification, and security notes.
- Documented additional command-line options (e.g. --debug) and clarified usage and behaviors.
- Updated task operations references with new options for reminders, recurrence, and automatic list creation.
- Improved error handling and troubleshooting information in documentation.
v1.0.0
Initial release — Microsoft To Do management CLI with full task and list features.
- Supports authentication via Microsoft Graph (device code flow).
- Manage task lists: list, create, delete (with non-blocking prompts for agents).
- Manage tasks: add, complete, delete (with support for priorities, due dates, tags).
- List, search, and view details for tasks—including overdue, today, and pending filters.
- Data export supported.
- Designed for agent/non-interactive use; always use `-y` to skip confirmation prompts.
Metadata
Frequently Asked Questions
What is ms-todo-sync?
A CLI skill to manage Microsoft To Do tasks via Microsoft Graph API. Supports listing, creating, completing, deleting, searching tasks and lists, viewing overdue/today/pending tasks, and exporting data. It is an AI Agent Skill for Claude Code / OpenClaw, with 1324 downloads so far.
How do I install ms-todo-sync?
Run "/install ms-todo-sync" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is ms-todo-sync free?
Yes, ms-todo-sync is completely free (open-source). You can download, install and use it at no cost.
Which platforms does ms-todo-sync support?
ms-todo-sync is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created ms-todo-sync?
It is built and maintained by xiaoski (@xiaoski); the current version is v1.0.2.
More Skills