Dropbox Manager
Warn. Audited by ClawScan on May 10, 2026.
Overview
The skill matches its Dropbox-management purpose, but it grants broad Dropbox read/write/delete powers through external MCP/CLI code without clear limits, confirmations, or tightly scoped setup.
Install only if you trust the external Dropbook/dbx-mcp-server code paths. Use least-privilege Dropbox scopes, avoid unpinned npx execution with refresh tokens, configure only the intended MCP server, and require manual review before the agent deletes, overwrites, uploads, or downloads files.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent with this server enabled could modify, overwrite, download, or trash Dropbox data if it chooses or is prompted to use these tools.
The MCP tool set can read Dropbox content, upload local files, download to local paths, and delete Dropbox files or folders, but the documentation does not define confirmation requirements, path restrictions, or containment controls for these high-impact actions.
`upload` | Upload a file to Dropbox ... `download` | Download a file from Dropbox ... `delete` | Delete a file or folder (moves to trash) ... `read_file` | Read contents of a text file
Use a least-privilege Dropbox app scope, prefer app-folder access where possible, require explicit user confirmation for delete/overwrite/upload/download operations, and review paths before allowing the agent to act.
Anyone who can misuse the configured MCP server or access the stored tokens may be able to operate on the connected Dropbox account.
The skill requires Dropbox credentials and stores OAuth tokens persistently. This is expected for Dropbox management, but it grants ongoing account access and is more sensitive than the registry metadata's 'Primary credential: none' indication.
export DROPBOX_APP_KEY="your_dropbox_app_key" ... export DROPBOX_APP_SECRET="your_dropbox_app_secret" ... export DROPBOX_ACCESS_TOKEN="your_dropbox_access_token" ... Save tokens to macOS Keychain ... Fall back to `~/.dropbook/auth.json`
Use the minimum Dropbox scopes needed, protect the machine account, avoid sharing the fallback auth file, and run logout when the integration is no longer needed.
If the external package or its dependencies are compromised or not the intended implementation, it could receive Dropbox credentials and operate on the user's account.
The auxiliary MCP setup runs an unpinned npm package with `npx -y` and passes it a Dropbox refresh token. No implementation code for that server is included in the reviewed artifacts.
"command": "npx", "args": ["-y", "dbx-mcp-server"], "env": { "DROPBOX_REFRESH_TOKEN": "YOUR_REFRESH_TOKEN" }
Avoid the unpinned `npx -y` setup unless you have verified the package; pin versions or commits, inspect the source, and prefer a reviewed local build.
Other project MCP servers could become available to the agent, increasing the chance that data or actions cross an unintended boundary.
This setting enables all project MCP servers, not just the Dropbox server, broadening the tool/data boundary beyond what the Dropbox skill needs.
Enable project MCP servers in Claude Code settings.json: { "enableAllProjectMcpServers": true }
Enable only the specific Dropbox MCP server you intend to use, and avoid blanket project-wide MCP enablement for untrusted projects.
