Taildrop
Pass
Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: taildrop
Version: 1.0.0

The skill is classified as suspicious due to the use of `eval` in `scripts/taildrop-get.sh`. While the script attempts to quote the user-provided input (`TARGET_DIR`) inside the command string passed to `eval`, `eval` is an inherently dangerous shell builtin: it re-parses its argument as shell code, so any input that is not perfectly sanitized, or that contains crafted quote characters, can lead to shell injection. This represents a potential vulnerability, not clear malicious intent, which aligns with the 'suspicious' classification.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Impact: A malicious or malformed destination path could cause commands to run on the user's machine under the user's account.
Details: TARGET_DIR comes from a positional argument, is embedded into a shell command string, and is then executed through eval. A crafted destination path containing shell syntax such as command substitution could execute unintended commands.
Evidence: `CMD="$CMD \"$TARGET_DIR\"" ... eval $CMD`
Recommendation: Remove eval and execute the command using a shell array, for example building the arguments as an array and running `"${cmd[@]}"`. Also validate or restrict destination paths.

Impact: After running the setup command, the user account may be able to operate the local Tailscale daemon without sudo.
Details: The setup asks the user to grant their account ongoing Tailscale operator access. This is disclosed and related to Taildrop retrieval, but it changes local Tailscale privilege boundaries.
Evidence: User must be set as Tailscale operator (run once): `sudo tailscale set --operator=$USER`
Recommendation: Only run the operator command if you understand and accept the Tailscale privilege change; otherwise use sudo per download if appropriate.

Impact: If loop mode is used, files sent through Taildrop may continue appearing in the chosen local directory until the process is stopped.
Details: Loop mode creates a long-running receiver that continues saving incoming Taildrop files until stopped. It is disclosed and user-directed, but it is persistent activity.
Evidence: The script can run in loop mode to auto-receive files as they arrive
Recommendation: Use loop mode only when you want continuous receiving, monitor the destination folder, and stop it with Ctrl+C when finished.

Impact: The skill may fail or prompt for local Tailscale setup even though the registry metadata does not advertise that dependency.
Details: The registry metadata does not declare a required binary, while the SKILL.md and script require the tailscale CLI. This is an under-declared dependency, not evidence of hidden installation.
Evidence: Required binaries (all must exist): none
Recommendation: Declare the tailscale CLI as a required binary and keep setup requirements consistent between the metadata and SKILL.md.
