Drive Tools
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill is a coherent cloud-drive tool, but it handles drive credentials and remote file mutations with some unsafe connection and path-scope behavior that users should review before use.
Install only if you are comfortable saving drive credentials in the skill config and letting the agent manage remote files. Before use, prefer FTPS/WebDAV over plain FTP, avoid broad account permissions, verify exact paths before delete or move commands, and be cautious because the FTP TLS code does not verify the server certificate.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An attacker on the network could potentially impersonate the FTP server and capture drive credentials or file contents.
The FTP TLS context explicitly disables server certificate and hostname verification, so even an encrypted FTPS connection would not authenticate the server.
context.check_hostname = False
context.verify_mode = ssl.CERT_NONEEnable certificate verification by default, document any self-signed-certificate exception clearly, and require an explicit user opt-in for insecure TLS.
A configured remote root path may not reliably contain operations; a crafted path could affect files outside the intended remote folder if the server normalizes parent-directory segments.
The code claims to implement remote path scope limiting, but it only strips leading slashes and does not reject or normalize parent-directory components such as '..'. Similar base-path joining appears in the FTP and WebDAV snippets.
def _get_full_path(self, path: Union[str, os.PathLike]) -> str:
"""Merge requested path with configured base_path to implement scope limitation. (将请求路径与配置的 base_path 合并,实现范围限定。)"""
path = str(path).replace('\\', '/')
clean_path = path.lstrip('/')
full_path = f"{self.base_path}/{clean_path}".replace('//', '/')Normalize remote paths safely and reject '..' or other traversal patterns before list, upload, download, delete, move, and search operations.
Anyone or any process that can read the skill directory may be able to see the saved drive credentials.
The configuration template stores drive account usernames and passwords in the skill's local config file.
"user": "", // FTP Username (FTP 用户名)
"password": "", // FTP Password (FTP 密码)Use app-specific passwords where possible, restrict file permissions on config.json, and avoid storing broad account credentials.
If the agent runs the wrong command or path, remote files or folders could be deleted or moved.
The skill documents remote delete and move operations, which are expected for a drive-management tool but can permanently change remote files.
python scripts/ftp_drive_tools.py --name ftpDrive rm /old.txt python scripts/ftp_drive_tools.py --name ftpDrive rm -d /old_dir # Rename or Move: old_path -> new_path
Ask the agent to show the exact command and target path before destructive operations, and keep backups of important remote data.
Users may need to install missing dependencies themselves, which can introduce package-source or version risks.
The skill includes Python scripts that rely on external libraries, but the registry metadata does not provide an install specification or pinned dependency information.
No install spec — this is an instruction-only skill.
Provide a pinned dependency list or install specification from trusted package sources.