auto-drive
PassAudited by ClawScan on May 1, 2026.
Overview
This skill appears to do what it claims, but it can permanently upload files or agent memories to an external storage network using an API key.
Install this only if you want permanent external storage for files or agent memory. Do not save secrets or private context you may later need deleted, protect the Auto-Drive API key, and only resurrect memory chains from trusted CIDs.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anything saved as memory may become long-lived agent context, and an untrusted CID could cause the agent to recall misleading or malicious memories.
The core feature stores agent context as reusable persistent memory, so sensitive or untrusted content could be preserved and later reintroduced into agent context.
Save decisions, identity, and context as a memory chain on the Autonomys Network. Rebuild your full history from a single CID
Only save information you are comfortable preserving permanently, avoid secrets, and recall chains only from CIDs you trust.
If the API key is exposed, someone else may be able to use the user's Auto-Drive account within the key's permissions.
The setup helper saves the Auto-Drive API key locally for later authenticated uploads and account checks; this is expected but gives the skill delegated access to the Auto-Drive account.
echo "AUTO_DRIVE_API_KEY='${safe_key}'" >> "$AD_ENV_FILE"
chmod 600 "$AD_ENV_FILE"Keep the API key private, revoke or rotate it if exposed, and install only on machines where local OpenClaw config files are protected.
Users have less external context for who maintains the skill or where updates originate.
The registry metadata does not provide an upstream source or homepage, which limits provenance verification even though the included scripts are visible and coherent.
Source: unknown Homepage: none
Review the included scripts before installing and prefer versions from a trusted publisher or with verifiable project links when available.