Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Dropbox Manager
v1.0.0
Manage Dropbox files securely with OAuth 2.0 PKCE via CLI or MCP server, supporting upload, download, search, delete, and account info operations.
⭐ 0 · 2.4k · 9 current · 9 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious (medium confidence)

Purpose & Capability
The declared registry metadata says no environment variables or credentials are required, but SKILL.json and SKILL.md clearly require Dropbox credentials (APP_KEY, APP_SECRET, ACCESS_TOKEN/REFRESH_TOKEN) to function. The package contains only docs (no executable code), yet the instructions require cloning and building an external repo (https://github.com/RyanLisse/Dropbook). These mismatches make it unclear what the skill actually needs and why the registry metadata says 'none'.
Instruction Scope
SKILL.md stays within Dropbox management functionality (OAuth, listing, upload, download). It does instruct the user/agent to clone and build an external repo, run an MCP server, and store tokens in macOS Keychain or a fallback file. It also recommends enabling project-level MCP servers (enableAllProjectMcpServers), which can cause agent tooling to automatically start servers — a configuration action with broader effects than simple API calls and worth caution.
Install Mechanism
There is no install spec in the registry package; instead the SKILL.md instructs cloning and building a GitHub repository. The references also suggest an alternative (an npx 'dbx-mcp-server') — two different install/runtime models are presented (native Swift binary vs node package). Relying on external code (not bundled) and offering multiple, inconsistent server implementations increases risk and user confusion.
Credentials
Access to Dropbox API keys/tokens is reasonable for a Dropbox manager, but the skill's manifests disagree about which variables are required: registry metadata says none, SKILL.json marks DROPBOX_APP_KEY, DROPBOX_APP_SECRET, and DROPBOX_ACCESS_TOKEN as required, SKILL.md describes OAuth with app key/secret and optional manual ACCESS_TOKEN, and references/mcp-setup.md expects a REFRESH_TOKEN for the npx server. This inconsistent list of required secrets is disproportionate and unclear. Also, tokens are saved to Keychain or to a plaintext fallback (~/.dropbook/auth.json), which is expected but should be explicit to a non-technical user.
Persistence & Privilege
The skill does not request always:true or other elevated platform privileges. It does instruct storing Dropbox tokens in the macOS Keychain (and a file fallback) and asks that project MCP servers be enabled in agent settings — both create persistent effects on the host. Autonomous invocation is allowed by default (disable-model-invocation: false), which combined with stored credentials could increase blast radius if the MCP server is enabled and launched automatically. This is expected for an agent-integrated MCP tool but worth explicit user consent.
What to consider before installing
This skill's docs and machine manifest disagree about what it needs and how to run it. Before installing or giving it credentials:
1) Verify and inspect the external repository (https://github.com/RyanLisse/Dropbook) — the package contains no code itself.
2) Confirm which environment variables the runtime actually requires (APP_KEY/SECRET, ACCESS_TOKEN, or REFRESH_TOKEN) and whether those are mandatory.
3) Prefer the OAuth Keychain flow (recommended) over dropping long-lived tokens in files or environment variables; if you must provide tokens, consider using least-privilege app scopes and a dedicated Dropbox app.
4) Avoid enabling 'enableAllProjectMcpServers' globally — only allow this MCP server after you trust and have tested the binary in a sandbox.
5) If anything is unclear, ask the publisher to reconcile SKILL.json, SKILL.md, and references/mcp-setup.md and to provide signed releases or a vetted distribution channel before running builds from source.