← Back to Skills Marketplace
Microsoft To Do
by
Karthikeyan N
· GitHub ↗
· v1.0.1
· MIT-0
284
Downloads
0
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install microsoft-graph-todo
Description
Microsoft To Do via Microsoft Graph. List task lists, read tasks, create tasks, update tasks, and mark tasks complete.
Usage Guidance
The skill appears coherent and implements a standard device-code OAuth flow for Microsoft To Do. Before installing: review the included scripts/ms_todo_auth.py (it will create token.json and device_code.json under a user config directory and will read an optional scripts/.env), confirm you are comfortable storing tokens on that machine, do not commit token files to source control, and use the least-privilege app registration (Tasks.Read or Tasks.ReadWrite as needed). Because the package source/homepage is unknown, verify the script contents yourself and prefer creating your own Entra app registration rather than trusting any prepopulated client IDs; if anything looks unexpected, do not proceed and consider running the commands in a sandboxed environment.
Capability Analysis
Type: OpenClaw Skill
Name: microsoft-graph-todo
Version: 1.0.1
The skill provides a legitimate implementation for managing Microsoft To Do tasks via the Microsoft Graph API. It uses a standard OAuth2 device-code flow for authentication, implemented in 'scripts/ms_todo_auth.py', and follows security best practices by storing tokens in OS-native configuration directories rather than insecure shell profiles. No evidence of data exfiltration, malicious execution, or prompt injection was found.
Capability Assessment
Purpose & Capability
Name/description match the behavior: it uses Microsoft Graph To Do endpoints. Required binaries (python3) and environment variables (MS_TODO_CLIENT_ID, MS_TODO_TENANT_ID) are exactly what a delegated device-code flow needs.
Instruction Scope
SKILL.md limits actions to obtaining device codes, polling/refreshing tokens, and calling Graph endpoints. It instructs storing client_id/tenant_id and token/device JSON in a per-user config dir and shows exact curl examples. It does not request unrelated files, paths, or external endpoints beyond Microsoft (login.microsoftonline.com, graph.microsoft.com).
Install Mechanism
No install spec; the skill is instruction-only with one small included Python helper. Nothing is downloaded from arbitrary URLs and no archives are extracted.
Credentials
Requested environment variables are limited to MS_TODO_CLIENT_ID and MS_TODO_TENANT_ID (and optional config overrides). No client secrets or unrelated credentials are requested. The helper uses delegated device-code flow which is appropriate for this use case.
Persistence & Privilege
The skill is not always-enabled and does not request elevated or cross-skill configuration changes. It writes its own token and device JSON into a user-scoped config directory (expected for OAuth helpers).
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install microsoft-graph-todo - After installation, invoke the skill by name or use
/microsoft-graph-todo - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
- Added explicit required environment variables (`MS_TODO_CLIENT_ID`, `MS_TODO_TENANT_ID`) to metadata.
- Clarified that the access token and device code helpers write secrets only to disk, not stdout, for improved handling of sensitive credentials.
- Documented that token and device code responses are saved in `token.json` and `device_code.json`, and not echoed with bearer/refresh tokens in outputs.
- Updated metadata with the new `primaryEnv` field to signal the primary environment variable.
v1.0.0
Initial release of the Microsoft To Do (Graph) skill.
- Implements user authentication with Microsoft Graph using device code flow and delegated permissions.
- Supports listing task lists, reading tasks, creating, updating, completing, and deleting tasks.
- Uses OS-native config directory for client ID, tenant ID, and token storage with optional local `.env` overrides.
- Provides detailed instructions for app registration, authentication, and common Graph API operations.
- Includes comprehensive guidance for setup, common errors, and validation steps.
Metadata
Frequently Asked Questions
What is Microsoft To Do?
Microsoft To Do via Microsoft Graph. List task lists, read tasks, create tasks, update tasks, and mark tasks complete. It is an AI Agent Skill for Claude Code / OpenClaw, with 284 downloads so far.
How do I install Microsoft To Do?
Run "/install microsoft-graph-todo" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Microsoft To Do free?
Yes, Microsoft To Do is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Microsoft To Do support?
Microsoft To Do is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Microsoft To Do?
It is built and maintained by Karthikeyan N (@karthidreamr); the current version is v1.0.1.
More Skills