Clawdbot Skill Dropbox

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate Dropbox file-management skill, but users should protect its local token file and be careful with broad Dropbox access.

Install only if you want the agent to manage Dropbox files. If you do:
  • Prefer an App Folder-scoped Dropbox app over Full Dropbox when possible.
  • Keep ~/.config/atlas/dropbox.env private with restrictive permissions (mode 600), and do not commit or share it.
  • Review upload/download paths before running commands.
  • Revoke the Dropbox app if the token file may have been exposed.
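As an added example (not code from this page or from the Dropbox skill itself), a small Python audit that checks the points above against the token file: owned by the current user, mode 600, a regular file rather than a symlink, a parent directory that others cannot write to (so the file cannot be swapped out), and not sitting inside a git working tree where it could be committed. The path comes from the overview; the function names and the category tags in the messages are assumptions made for this example.

```python
import os
import stat
from typing import List

# Path from the skill's README (via the overview above); everything else here is
# an assumed helper written for this example, not the skill's own code.
ENV_PATH = os.path.expanduser("~/.config/atlas/dropbox.env")


def _in_git_worktree(path: str) -> bool:
    """True if any ancestor directory contains a .git entry (risk of committing the file)."""
    d = os.path.dirname(os.path.abspath(path))
    while True:
        if os.path.exists(os.path.join(d, ".git")):
            return True
        parent = os.path.dirname(d)
        if parent == d:
            return False
        d = parent


def audit_env_file(path: str) -> List[str]:
    """Return a list of problems with the token file; an empty list means it passes.

    Each entry starts with a short tag (mode, owner, symlink, dir, git, missing)
    so callers can act on categories without parsing free text. Values in the
    file are never read, only its metadata."""
    issues: List[str] = []
    try:
        st = os.lstat(path)
    except FileNotFoundError:
        return ["missing: file does not exist"]
    if stat.S_ISLNK(st.st_mode):
        issues.append("symlink: token file should be a regular file, not a link")
        try:
            st = os.stat(path)  # inspect the link target as well
        except FileNotFoundError:
            issues.append("missing: symlink target does not exist")
            return issues
    if st.st_uid != os.getuid():
        issues.append("owner: file is not owned by the current user")
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        issues.append(f"mode: {oct(stat.S_IMODE(st.st_mode))} grants group/other access; want 0o600")
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    if parent.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        issues.append("dir: parent directory is group/world writable, so the file can be replaced")
    if _in_git_worktree(path):
        issues.append("git: file lives inside a git working tree; make sure it is ignored")
    return issues


def harden_env_file(path: str) -> None:
    """Apply the mode-600 recommendation from the overview."""
    os.chmod(path, 0o600)


if __name__ == "__main__":
    for issue in audit_env_file(ENV_PATH) or ["ok"]:
        print(issue)
```

Run it once after installing the skill and again after any token refresh; a non-empty list is a reason to fix the file and, if it was readable by others for any length of time, to revoke the Dropbox app as the overview advises.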

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill clearly describes network access to Dropbox APIs and file writes to a local env file, yet it declares no permissions. This is dangerous because users and any policy layer cannot accurately assess or constrain its capabilities, especially given that it can modify both local credential storage and remote cloud data.

Tp4

High
Category
MCP Tool Poisoning
Confidence
85% confidence
Finding
The description focuses on file management but the documented usage includes an account command and permissions such as account_info.read, which implies collection of profile data like display name and email. This mismatch increases privacy risk because users may authorize the skill expecting only file operations, not account-profile retrieval.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README explicitly instructs users to store a Dropbox app secret, access token, and refresh token in a local plaintext env file, but provides no warning about file permissions, secret handling, or safer storage options. Because these values grant Dropbox API access and long-lived refresh capability, disclosure of that file could allow persistent unauthorized access to the user's Dropbox account.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The setup instructions recommend 'Full Dropbox' access without an explicit warning that the skill can read, modify, upload, and overwrite user cloud data. In this context, the omission is significant because the skill is a file-management tool with broad capabilities over potentially all user files.

Missing User Warnings

Medium
Confidence
85% confidence
Finding
The refreshed access token is written back to disk in plaintext without any permission hardening or secure secret storage. If another local user, process, backup system, or log/telemetry collector can access that file, the token can be stolen and used to access the user's Dropbox data.

Credential Access

High
Category
Privilege Escalation
Content
The script automatically handles token refresh:

1. On 401 Unauthorized, it uses the refresh token to get a new access token
2. Updates `dropbox.env` with the new access token
3. Retries the original request
Confidence
91% confidence
Finding
access token

Credential Access

High
Category
Privilege Escalation
Content
The script automatically handles token refresh:

1. On 401 Unauthorized, it uses the refresh token to get a new access token
2. Updates `dropbox.env` with the new access token
3. Retries the original request

## Token Lifecycle
Confidence
90% confidence
Finding
access token
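The two Credential Access findings quote the skill's refresh flow (401, refresh, rewrite dropbox.env, retry), and the earlier finding notes that the refreshed token is written back in plaintext without permission hardening. The following Python is an added example, not the skill's code, of the same flow written so the new token is never on disk with permissions wider than 0600 and the retry is bounded to one attempt. The key names DROPBOX_ACCESS_TOKEN and DROPBOX_REFRESH_TOKEN are assumptions (the page does not show the skill's own names), and the HTTP calls are abstracted as callables so the example runs offline.

```python
import os
import tempfile
from typing import Callable, Dict, Tuple

# Hypothetical key names: the page does not show what the skill calls them.
ACCESS_KEY = "DROPBOX_ACCESS_TOKEN"
REFRESH_KEY = "DROPBOX_REFRESH_TOKEN"

# The HTTP layer is abstracted as callables so the example runs offline.
Response = Tuple[int, str]                  # (HTTP status, body)
Transport = Callable[[str, str], Response]  # (access_token, request) -> Response
Refresher = Callable[[str], str]            # refresh_token -> new access token


def read_env(path: str) -> Dict[str, str]:
    """Parse KEY=VALUE lines; blank lines and # comments are skipped."""
    values: Dict[str, str] = {}
    with open(path) as f:
        for raw in f:
            line = raw.strip()
            if not line or line.startswith("#") or "=" not in line:
                continue
            key, value = line.split("=", 1)
            values[key.strip()] = value.strip()
    return values


def write_env_atomic(path: str, values: Dict[str, str]) -> None:
    """Persist the env file without ever exposing the new token with wide permissions.

    mkstemp creates the temp file with mode 0600 in the same directory; os.replace
    then swaps it in atomically, so a concurrent reader sees either the old file or
    the complete new one, and the result is 0600 even if the original had been
    created with a looser mode. Comment lines are not preserved."""
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(prefix=".dropbox.env.", dir=directory)
    try:
        with os.fdopen(fd, "w") as f:
            for key, value in values.items():
                f.write(f"{key}={value}\n")
            f.flush()
            os.fsync(f.fileno())
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise


def call_with_refresh(env_path: str, request: str, send: Transport, refresh: Refresher) -> Response:
    """The documented flow (401 -> refresh -> update dropbox.env -> retry), bounded to one retry.

    A single retry matters: if the refresh token itself has been revoked, an
    unbounded loop would hammer the token endpoint and never return."""
    env = read_env(env_path)
    status, body = send(env[ACCESS_KEY], request)
    if status != 401:
        return status, body
    env[ACCESS_KEY] = refresh(env[REFRESH_KEY])
    write_env_atomic(env_path, env)
    return send(env[ACCESS_KEY], request)


if __name__ == "__main__":
    # Constructed demo: a token file in a temp dir and a fake API that rejects the old token.
    d = tempfile.mkdtemp()
    p = os.path.join(d, "dropbox.env")
    write_env_atomic(p, {ACCESS_KEY: "old-token", REFRESH_KEY: "refresh-token"})
    fake_send = lambda tok, req: (200, "listing") if tok == "new-token" else (401, "expired")
    print(call_with_refresh(p, "files/list_folder", fake_send, lambda rt: "new-token"))
    print(oct(os.stat(p).st_mode & 0o777))
```

The design point is that permission hardening happens at file creation (mkstemp) rather than as a chmod after the write, which would leave a window where the fresh token is readable by other local users, backup agents, or log collectors, exactly the exposure the finding above describes.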

VirusTotal

0/65 vendors flagged this skill; all 65 reported it clean. Antivirus engines look for known malware, not for the token-handling and over-permission issues listed above, so a clean result here does not address those findings.

View on VirusTotal