Cloud Mount

Review

Audited by ClawScan on May 10, 2026.

Overview

Cloud Mount appears to be a coherent rclone-based cloud-drive mounting helper, but it needs your cloud authorization and can run a background autostart service if you enable it.

Install only if you are comfortable using rclone and granting it access to the selected cloud storage. Review the shell scripts, install rclone from a trusted source, protect ~/.config/rclone/rclone.conf, avoid unnecessary sudo, and add exclusions before using the broad backup examples.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Anyone using the mount can potentially read or modify files in the authorized cloud storage scope.

Why it was flagged

The skill requires the user to authorize a cloud storage account through rclone; this is expected for mounting OneDrive/Google Drive, but it relies on sensitive account tokens.

Skill content
Open the provided URL in a browser, sign in to the cloud storage account, and authorize
Recommendation

Use a dedicated or least-privilege cloud account/folder when possible, protect ~/.config/rclone/rclone.conf, and review the rclone remote before mounting it.

What this means

If enabled, the cloud mount may keep running after login/reboot until the user disables the service.

Why it was flagged

The script can create and enable a user-level systemd service so the rclone mount runs in the background. This is disclosed as the autostart feature and is optional.

Skill content
systemctl --user enable "$SERVICE_NAME" ... systemctl --user start "$SERVICE_NAME"
Recommendation

Enable autostart only if you want persistent mounting; use the provided disable command and check user service logs/status periodically.

What this means

Following the example without exclusions could upload private keys, tokens, personal files, or system configuration to cloud storage.

Why it was flagged

The documentation includes a scheduled broad backup example that can copy sensitive local directories to the mounted cloud drive. It is user-directed and aligned with the backup use case, but broad automatic backups can propagate mistakes or secrets.

Skill content
rsync -av --delete /etc/ ~/backup/etc/ ... rsync -av --delete /home/ ~/backup/home/ ... 0 2 * * * /bin/bash ~/backup.sh
Recommendation

Before using the backup example, add exclusions for secrets such as rclone.conf, SSH keys, browser profiles, and application tokens; consider encryption and test with a small folder first.

What this means

Installation may appear complete while the skill will not work until rclone is installed from the user's package manager or another trusted source.

Why it was flagged

The registry metadata does not declare rclone as a required binary even though the docs and scripts require it. The dependency is disclosed in the docs, so this is a packaging completeness issue rather than hidden behavior.

Skill content
Required binaries (all must exist): none ... Install specifications: No install spec
Recommendation

Install rclone from an official or trusted package source and verify its version before using the skill.

What this means

A user might rely on the skill's own safety claims instead of reviewing the actual scripts and permissions.

Why it was flagged

The README contains self-attested security/approval language. It is not operationally malicious, but users should not treat embedded approval claims as authoritative.

Skill content
OpenClaw internal scan result: Benign (high confidence)
Recommendation

Base trust on the current artifacts, platform review, and your own inspection rather than on approval claims inside the skill documentation.