ClawHub

Dropbox Business

v1.0.3

Dropbox Business API integration with managed OAuth. Manage team members, groups, team folders, devices, and audit logs for Dropbox Business teams. Use this...

2· 654·0 current·0 all-time
by@byungkyu
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill describes a Dropbox Business admin integration and its SKILL.md exclusively shows HTTP requests to Maton-managed endpoints (gateway.maton.ai, ctrl.maton.ai, connect.maton.ai) that proxy to Dropbox. Requesting MATON_API_KEY is expected for a managed OAuth gateway. There are no unrelated binaries, config paths, or credentials requested.
Instruction Scope
All runtime instructions are limited to making POST requests to the Maton gateway/control endpoints and guiding the user to complete OAuth in a browser. The instructions do not ask the agent to read local files, scan system state, or exfiltrate unrelated data. They do require network access and forwarding requests through an external proxy (Maton), which is consistent with the stated purpose.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so nothing is downloaded or written to disk during installation. That minimizes supply-chain/install risk.
Credentials
Only a single environment variable (MATON_API_KEY) is required, which matches the gateway-based authentication approach. However, granting that key to Maton effectively gives the service broad access to Dropbox Business APIs (team members, folders, audit logs). Ensure the key's scope and the provider (maton.ai) are trusted before granting it.
Persistence & Privilege
The skill does not request always:true and is user-invocable; it does not attempt to modify other skills or system-wide configs. Autonomous invocation remains at the platform default and is not combined with other concerning flags.
Assessment
This skill is coherent: it simply instructs the agent to use Maton's API gateway to call Dropbox Business endpoints and requires a single MATON_API_KEY. Before installing, confirm you trust maton.ai (the gateway/control endpoints in the docs) because Maton will hold and use OAuth tokens and can access team data. Verify the MATON_API_KEY scope (least privilege) and consider creating a dedicated API key with limited lifetime or permissions. Note the registry metadata lists no homepage/source — cross-check the vendor (Maton) independently and ensure the OAuth flow URL returned during connection setup is legitimate before authorizing. If you cannot trust Maton, do not provide your API key.

Like a lobster shell, security has layers — review code before you run it.

latestvk97b07zm5dzwveje13x5ry62ch81s4n5

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🧠 Clawdis
EnvMATON_API_KEY

Comments