Google Drive File Management

Security checks across malware telemetry and agentic risk

Overview

This Google Drive skill is mostly purpose-aligned, but unsafe command construction could let crafted Drive or user inputs run local shell commands.

Review before installing. Use only with a least-privilege Google Drive account and a constrained workspace, avoid untrusted filenames, queries, file IDs, emails, roles, and paths, and prefer a fixed version that uses argument-array process execution plus explicit confirmation before uploads, downloads, overwrites, or sharing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
81% confidence
Finding
The skill interfaces with Google Drive via a CLI and therefore necessarily relies on environment-backed credentials or tokens, yet no explicit permissions are declared. This creates a transparency and least-privilege problem: an agent may access sensitive cloud data using ambient credentials without the user being clearly warned or the platform being able to gate that capability.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The skill implements permission sharing via `shareFile`, which expands capability beyond the declared scope of upload/download/list/search/organize. Scope drift is dangerous because users and policy systems may approve the skill expecting file management only, while the code can grant third-party access to Drive content.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill performs remote upload, download, search, and sharing operations against Google Drive but does not prominently warn that local workspace data may be exfiltrated to cloud storage or that remote file permissions may be modified. In an agent setting, this can lead to accidental disclosure of sensitive files, unintended syncing of confidential data, or unauthorized sharing with external recipients.

Missing User Warnings

Medium
Confidence
78% confidence
Finding
`uploadFile` sends arbitrary local files to Google Drive with no confirmation, policy check, or path restriction. In an agent setting, this can cause unintended exfiltration of sensitive workspace or host files if an upstream prompt or tool call supplies a sensitive path.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
`downloadFile` writes remote content into a local path derived from attacker-controlled metadata (`fileInfo.name`) without sanitizing the filename. A malicious Drive file name containing traversal sequences or absolute-path tricks could cause writes outside the intended workspace, leading to file overwrite or planting malicious content.

Missing User Warnings

High
Confidence
93% confidence
Finding
`shareFile` grants Drive access to an external email address without any user-facing confirmation or secondary authorization. This enables accidental or prompt-induced data disclosure by expanding access to sensitive files, and the effect may persist after the immediate session.

VirusTotal

65/65 vendors flagged this skill as clean.
