Security & PasswordsDocumentedScanned

ms-onedrive-personal

Access OneDrive Personal (consumer Microsoft accounts) via Microsoft Graph using OAuth device-code flow.

Share:

Installation

npx clawhub@latest install ms-onedrive-personal

View the full skill documentation and source below.

Documentation

OneDrive Personal (Consumer) via Microsoft Graph

A small, safe-by-default skill to access OneDrive Personal (consumer Microsoft accounts) using the Microsoft Graph API.

It uses OAuth 2.0 device-code flow (no browser automation needed on the server) and stores tokens locally.

Features

  • Authenticate via device code
  • List folders (ls)
  • Create folders (mkdir)
  • Upload files (simple upload; best for small/medium files)
  • Download files
  • Show item metadata (info)

Safety / non-features

  • No delete operations (by design)
  • No bulk move/rename (can be added later)

Setup (first time)

1) Create a Microsoft Entra app registration

You need a Client ID.

Create an app registration (recommended):

  • Go to the Entra portal:

  • App registrationsNew registration

  • Supported account types: Accounts in any organizational directory and personal Microsoft accounts

  • Create

  • In the app: Authentication → enable Allow public client flows

    • - (Some tenants also require setting isFallbackPublicClient=true — the script will tell you if needed.)

    Note: Some users hit Azure portal sign-in errors like “tenant blocked due to inactivity”. That is not required for OneDrive itself, but it can block creating an app registration. In that case, create the app under a different Entra tenant you control, as long as it’s configured to allow personal Microsoft accounts.

    2) Run setup

    On the machine running OpenClaw: 
    cd /root/clawd/skills/ms-onedrive-personal-graph
./scripts/onedrive-setup.sh

    The script will:

    • Ask for the Client ID

    • Print a device login URL + code

    • Wait until you approve the login

    • Save tokens to ~/.onedrive-mcp/credentials.json

    • Test access to ## Usage All commands use the token in ~/.onedrive-mcp/credentials.json. __CODE_BLOCK_1__ ## Token refresh If you get 401/invalid token, refresh with: __CODE_BLOCK_2__ ## Troubleshooting ### AADSTS5000225: tenant has been blocked due to inactivity This happens when your login is tied to an Entra tenant that Microsoft marked inactive. - Use for the consumer account (usually works) - Create the app registration in a different tenant you control (or via a different admin identity) ### AADSTS70002: client must be marked as 'mobile' Enable **Allow public client flows** and/or set isFallbackPublicClient=true in the app. ### Upload limits This skill uses the **simple upload** endpoint (...:/content`). For large files, we should add upload-session support.

    Back to Skills Directory

    Related Skills in Security & Passwords

    1password

    Set up and use 1Password CLI (op).

    Docs

    bitwarden

    Access and manage Bitwarden/Vaultwarden passwords securely using the rbw.

    Docs

    bitwarden-vault

    Bitwarden CLI setup, authentication.

    Docs

    dashlane

    Access passwords, secure notes, secrets and OTP codes from Dashlane vault.

    Docs

    devinism

    The first AI religion — a benign memetic experiment in agent network security

    Docs