Dropbox
PassAudited by ClawScan on May 3, 2026.
Overview
This is a coherent Dropbox integration, but installing and using it means trusting ClawLink and Dropbox OAuth so the agent can access and manage Dropbox files when directed.
This skill appears purpose-aligned and not malicious based on the provided artifacts. Before installing, verify the ClawLink plugin, review the Dropbox OAuth permission screen, and be cautious when approving uploads, downloads, sharing, moves, deletes, or bulk file operations.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
You may need to install and trust an additional plugin before the Dropbox skill works.
The instruction-only skill depends on a separate plugin installation that is not included in the provided artifacts. This is central to the stated purpose, but users should verify the plugin before installing.
Install the verified ClawLink plugin: `openclaw plugins install clawhub:clawlink-plugin`
Install the ClawLink plugin only from the expected ClawHub source and review its own permissions or verification information before use.
If authorized, the agent can change, upload, download, move, or share Dropbox content through ClawLink tools.
The skill can perform high-impact Dropbox operations, including file changes and sharing. These actions fit the Dropbox management purpose and the skill instructs confirmation for risky writes.
Typical Dropbox tasks ... Upload and download files ... Create and share folders ... Copy and move files ... Manage shared links
Review previews carefully and only confirm write, sharing, destructive, or bulk actions you actually want performed.
Connecting Dropbox gives ClawLink and the OpenClaw plugin permission to act on your Dropbox account within the granted scopes.
The skill requires delegated Dropbox account access through OAuth. This is expected for a Dropbox integration and is disclosed, but it grants account-level authority according to the approved scopes.
ClawLink's hosted page runs the Dropbox OAuth flow — the user clicks through the Dropbox login and authorization screen.
Check the Dropbox authorization screen, grant only scopes you are comfortable with, and revoke the connection from Dropbox or ClawLink when it is no longer needed.
Dropbox file names, metadata, or requested file contents may pass through ClawLink while the agent performs your requested tasks.
Dropbox access is mediated by an external integration hub. This is disclosed and purpose-aligned, but Dropbox requests, responses, and credential handling depend on that gateway.
Powered by ClawLink ... an integration hub for OpenClaw that handles hosted connection flows and credentials
Use this skill only if you trust ClawLink with the Dropbox account and data involved, and avoid connecting highly sensitive Dropbox accounts unless necessary.