Security & PasswordsDocumentedScanned
ms-onedrive-personal
Access OneDrive Personal (consumer Microsoft accounts) via Microsoft Graph using OAuth device-code flow.
Share:
Installation
npx clawhub@latest install ms-onedrive-personalView the full skill documentation and source below.
Documentation
OneDrive Personal (Consumer) via Microsoft Graph
A small, safe-by-default skill to access OneDrive Personal (consumer Microsoft accounts) using the Microsoft Graph API.
It uses OAuth 2.0 device-code flow (no browser automation needed on the server) and stores tokens locally.
Features
- Authenticate via device code
- List folders (
ls) - Create folders (
mkdir) - Upload files (simple upload; best for small/medium files)
- Download files
- Show item metadata (
info)
Safety / non-features
- No delete operations (by design)
- No bulk move/rename (can be added later)
Setup (first time)
1) Create a Microsoft Entra app registration
You need a Client ID.Create an app registration (recommended):
- (Some tenants also require setting
isFallbackPublicClient=true — the script will tell you if needed.)
Note: Some users hit Azure portal sign-in errors like “tenant blocked due to inactivity”. That is not required for OneDrive itself, but it can block creating an app registration. In that case, create the app under a different Entra tenant you control, as long as it’s configured to allow personal Microsoft accounts.
2) Run setup
On the machine running OpenClaw:cd /root/clawd/skills/ms-onedrive-personal-graph
./scripts/onedrive-setup.sh
The script will:
- Ask for the Client ID
- Print a device login URL + code
- Wait until you approve the login
- Save tokens to
~/.onedrive-mcp/credentials.json - Test access to
## Usage All commands use the token in~/.onedrive-mcp/credentials.json. __CODE_BLOCK_1__ ## Token refresh If you get 401/invalid token, refresh with: __CODE_BLOCK_2__ ## Troubleshooting ### AADSTS5000225: tenant has been blocked due to inactivity This happens when your login is tied to an Entra tenant that Microsoft marked inactive. - Use for the consumer account (usually works) - Create the app registration in a different tenant you control (or via a different admin identity) ### AADSTS70002: client must be marked as 'mobile' Enable **Allow public client flows** and/or setisFallbackPublicClient=truein the app. ### Upload limits This skill uses the **simple upload** endpoint (...:/content`). For large files, we should add upload-session support.