Pilot Dropbox
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This shared-folder skill warrants review because its example daemon acts on peer messages automatically, sending or deleting local files based on unvalidated filenames.
Only use this after reviewing and hardening the daemon. Limit it to trusted peers and topics, validate all filenames, prevent paths from escaping the shared folder, require confirmation for deletes and peer pull requests, and make sure any background watcher can be stopped.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malicious or compromised peer could make the agent delete local files or send local files that were not meant to be shared.
The daemon reads a filename from an incoming event and uses it directly in rm and send-file commands. No check prevents path traversal such as '../', so a peer-controlled event could cause deletion or transfer of files outside the intended shared folder.
file_removed) ... FILENAME=$(echo "$event" | jq -r '.filename') ... rm -f "$DROPBOX_DIR/$FILENAME" ... dropbox_pull) ... pilotctl --json send-file "$FROM" "$DROPBOX_DIR/$FILENAME"
Do not run this daemon as written. Validate filenames, reject slashes and '..', resolve real paths and require they stay under the shared directory, and require user approval for deletes or peer pull requests.
Files may be shared with another peer based only on an incoming message, increasing the risk of unintended disclosure.
Incoming inter-agent/pub-sub messages determine the sender, action type, filename, and file-transfer destination, but the skill does not show authorization, sender validation, or data-boundary checks before sending files.
pilotctl --json subscribe "$PEER" "$TOPIC" | while read -r event; do ... FROM=$(echo "$event" | jq -r '.from') ... pilotctl --json send-file "$FROM" "$DROPBOX_DIR/$FILENAME"
Use only trusted peers and topics, add explicit sender allowlists, authenticate message origin where possible, and prompt before sending files requested by another agent.
The sync process may continue publishing file changes after the immediate task is finished unless the user stops it.
The watcher is explicitly started in the background and the workflow example is a long-running daemon. This is aligned with the shared-folder purpose, but it creates persistent activity the user must manage.
fswatch -0 "$DROPBOX_DIR" | while read -d "" changed_file; do ... done &
Start the watcher only when needed, keep track of its process ID, provide a stop/cleanup command, and run it with the least privileges necessary.
