Dropbox Kb Auto

Security checks across malware telemetry and agentic risk

Overview

This is a real Dropbox indexing skill, but its broad Dropbox access, persistent local plaintext indexing, optional recurring sync, and misleading configuration path need user review before installation.

Install only if you are comfortable with selected Dropbox file contents being copied as searchable plaintext into OpenClaw memory. Use a narrow Dropbox app/folder scope where possible, verify the actual FOLDERS and SKIP_PATHS values in dropbox-sync.py before the first run, avoid cron until you want continuous syncing, and know how to revoke the Dropbox token and delete the generated memory files if you stop using it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Intent-Code Divergence (Medium severity, 95% confidence)

Finding: The skill’s security guidance claims read-only access is recommended, but the setup instructions direct users to create a Full Dropbox app, which grants unnecessarily broad access to the entire account. This violates least-privilege principles and increases the blast radius if the token is exposed, mishandled, or reused by the skill or related automation.

Intent-Code Divergence (Medium severity, 91% confidence)

Finding: The module docstring presents the tool as only doing delta-based fetching, but the implementation downloads file contents, performs OCR/text extraction, and persists extracted content locally. That mismatch can materially mislead operators about data handling and privacy impact, increasing the chance of unauthorized sensitive-data collection and retention.

Missing User Warnings (Medium severity, 89% confidence)

Finding: The skill encourages broad syncing and indexing of Dropbox content into the agent’s knowledge base but does not clearly warn users that sensitive files may become searchable by the agent and included in automated cron-driven ingestion. This can lead to unintentional exposure of private documents, credentials, financial records, or regulated data to downstream agent workflows and logs.

Missing User Warnings (Medium severity, 95% confidence)

Finding: The skill downloads Dropbox content and writes extracted text into local markdown files under a memory/knowledge directory without any explicit notice, consent checkpoint, or data-minimization control. In this context, the tool is operating on potentially sensitive personal or business documents, so silent local persistence meaningfully increases confidentiality and retention risk.

Missing User Warnings (Medium severity, 93% confidence)

Finding: The installer generates a config file and rewrites dropbox-sync.py in place, but it does not prominently warn the user that local project files will be modified. This is risky because users may not expect code changes from an installer, and in-place script mutation makes auditing, rollback, and integrity verification harder if the package is tampered with or the rewrite logic behaves unexpectedly.

Missing User Warnings (Medium severity, 95% confidence)

Finding: The script offers to create a recurring cron job that will continue running in the background, but it does not clearly explain the persistence, resource usage, or ongoing access implications of automatic Dropbox indexing. Persistent scheduled execution increases the blast radius of any later compromise or misconfiguration because the task will keep re-running without further user review.

VirusTotal

64/64 vendors flagged this skill as clean.