Box Automation
PassAudited by ClawScan on May 10, 2026.
Overview
This is a coherent Box automation skill, but it can use a third-party MCP/OAuth connection to change, share, download, and delete Box content, so users should give explicit targets and confirmations.
Before installing, make sure you trust Rube/Composio with the Box account you connect. Use explicit file and folder IDs, confirm sharing and collaboration changes, and require extra confirmation before recursive or permanent deletion.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could change, move, delete, or permanently remove Box folders if the user authorizes or requests those workflows.
The skill documents powerful Box mutation and deletion tools. This is aligned with Box automation, but wrong IDs or unclear user instructions could modify or remove cloud content.
`BOX_UPDATE_FOLDER` - Rename, move, or update folder settings ... `BOX_DELETE_FOLDER` - Move folder to trash ... `BOX_PERMANENTLY_REMOVE_FOLDER` - Permanently delete a trashed folder
Confirm exact file/folder IDs, destination folders, recursive deletion flags, and permanent deletion requests before running destructive Box actions.
A connected Box account may allow the agent to search, upload, download, manage folders, and perform other Box operations within the granted OAuth permissions.
The skill requires a Box OAuth connection through Rube/Composio. That account authority is expected for Box automation, but it grants the integration access to act on the user's Box account.
Active Box connection via `RUBE_MANAGE_CONNECTIONS` with toolkit `box` ... follow the returned auth link to complete Box OAuth
Use the least-privileged Box account appropriate for the task, review the OAuth permissions during connection, and revoke the connection when no longer needed.
Sensitive Box data involved in searches, downloads, uploads, sharing, or metadata queries may be exposed to the configured MCP/provider path.
Box operations are routed through an external MCP provider. This is disclosed and purpose-aligned, but Box file names, metadata, search queries, and selected file content may pass through that service.
Automate Box operations ... via Rube MCP (Composio) ... Add `https://rube.app/mcp` as an MCP server
Only connect trusted Box accounts and avoid using the skill on highly sensitive files unless Rube/Composio’s data handling is acceptable.
A single incorrect folder ID or recursive delete request could remove a large folder tree from Box.
Recursive folder deletion can affect many Box files/folders from a single mistaken target. The skill notes this parameter, but users should treat it as high-impact.
`recursive`: Set `true` to delete non-empty folders
List and verify folder contents before recursive deletion, prefer trash over permanent removal, and require explicit confirmation for broad deletes.