Skill v0.0.3

ClawScan security

Drive Tools · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 20, 2026, 5:28 PM
Verdict
benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill implements exactly what it claims (SMB/WebDAV/FTP CLI helpers) and its requirements and instructions are internally consistent, but it asks users to store plaintext drive credentials in a local config file and includes a couple of risky defaults you should review before use.
Guidance
This skill appears coherent for managing SMB/FTP/WebDAV drives, but take these precautions before installing or using it:

- Understand that you will be asked to enter drive usernames/passwords which the skill stores in plaintext at skills/drive-tools/config.json — prefer app-specific or limited-access accounts and avoid reusing high-privilege credentials.
- Review the config.json and scripts yourself; the FTP TLS context in the code disables certificate verification (context.verify_mode = CERT_NONE), which can allow man-in-the-middle attacks. If you care about TLS authenticity, modify the code to validate certs.
- Keep the base path (path) restricted in config.json to limit the skill's access scope, and use the recommended whitelisted downloads directory (e.g., ~/.openclaw/media/downloads) so files the skill writes are constrained.
- Ensure the runtime environment has the required Python packages (requests, pysmb, ftplib standard library, etc.) and that you trust network connectivity to the configured servers.
- If you are not comfortable storing credentials on disk, do not add them, or consider encrypting the config file or using ephemeral credentials. Remove the skill when not needed.

If you want, I can point out the exact lines where TLS verification is disabled and suggest code changes to force certificate validation and safer credential handling.

Review Dimensions

Purpose & Capability
ok: Name/description match the packaged files: scripts implement SMB, FTP and WebDAV clients and the config.json templates match those protocols. There are no unrelated env vars, binaries, or install steps requested.
Instruction Scope
note: SKILL.md instructs the agent to guide users to produce and save drive credentials into skills/drive-tools/config.json and to run connection tests. This is within scope for a drive management tool, but it means the agent will handle users' plaintext credentials and will be asked to write them to disk. The skill also instructs use of a whitelisted downloads directory (good) but relies on the agent to enforce that.
Install Mechanism
ok: No install spec; code is included in the skill bundle. Nothing is downloaded from external or untrusted URLs during install.
Credentials
note: The skill declares no required environment variables, which aligns with its function. However, it requires users to provide protocol credentials (user/password/host) that will be stored in config.json in plaintext inside the skill folder — this is expected for such a tool but is a sensitive operation and should be treated accordingly (use least-privilege accounts, app-specific passwords, and limit base_path).
Persistence & Privilege
ok: always:false and no unusual privileges are requested. The skill will store its own config file and run scripts when invoked, which is normal and scoped to the skill.