Clawdbot Skill Dropbox
Pass. Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: dropbox-lite
Version: 1.0.1

The skill is classified as suspicious because of a critical arbitrary file write in `scripts/dropbox.py`. The `download` command takes its local destination from the `--output` argument without restricting it, so the script will write downloaded content to any path the process can write to (for example `/etc/cron.d/evil`, which an agent running as root could use to install a scheduled task, or `~/.bashrc` for persistence in the user's shell). If the agent is prompted to download a file to a sensitive system path, this can be used for persistence or privilege escalation; the impact is bounded by the permissions of the account running the agent. The script's core functionality is legitimate and the code shows no clear malicious intent, but the flaw leaves significant room for abuse.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill can use the configured Dropbox app to read and write Dropbox files until the refresh token is revoked or the app is disconnected.
The skill requires Dropbox app credentials and a long-lived refresh token, and may be configured with full-account Dropbox access. This is expected for the integration but grants delegated access to the user's Dropbox account.
Evidence:
`DROPBOX_APP_SECRET` | ✅ Yes ...
`DROPBOX_REFRESH_TOKEN` | ✅ Yes | OAuth refresh token (long-lived) ...
Choose "Full Dropbox" (or "App folder" for limited access)

Recommendation: Use an App Folder and least-privilege scopes if sufficient, keep the token file private (readable only by the user running the agent), and revoke the Dropbox app if you stop using the skill.
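One concrete way to enforce "keep the token file private" before the refresh token is handed to the process. This is an added example written for this review, not code from the skill or from ClawScan; the function name, the file name and the token string are assumptions, and the token is a constructed placeholder.

```python
import os
import stat
import tempfile

# Added example for this review, not part of the skill: before a long-lived
# refresh token is handed to the process, refuse token files that another
# local user could read or that were swapped for a symlink. The file name and
# the token string are constructed.


def load_private_token(path):
    """Return the token stored at path, or raise PermissionError if the file is not private."""
    # O_NOFOLLOW makes os.open fail (OSError) if path is a symlink planted by someone else.
    fd = os.open(path, os.O_RDONLY | getattr(os, "O_NOFOLLOW", 0))
    with os.fdopen(fd, "r", encoding="utf-8") as f:
        st = os.fstat(f.fileno())  # inspect the opened file, not a path that may change
        mode = stat.S_IMODE(st.st_mode)
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError(f"{path}: not a regular file")
        if st.st_uid != os.getuid():
            raise PermissionError(f"{path}: owned by uid {st.st_uid}, not the current user")
        if mode & 0o077:
            raise PermissionError(f"{path}: mode {mode:04o} grants group/other access; use chmod 600")
        return f.read().strip()


def demo():
    """Show the check rejecting a 0644 token file and accepting the same file at 0600."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "dropbox_refresh_token")
        with open(path, "w", encoding="utf-8") as f:
            f.write("constructed-sample-refresh-token\n")  # constructed, not a real token
        os.chmod(path, 0o644)
        try:
            load_private_token(path)
            results["world_readable"] = "accepted"
        except PermissionError:
            results["world_readable"] = "rejected"
        os.chmod(path, 0o600)
        results["private"] = load_private_token(path)
    return results
```

The ownership and mode checks run on the already-open descriptor so that the file cannot be replaced between the check and the read.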
If invoked with the wrong path, local files could be uploaded to Dropbox or Dropbox contents could be changed.
The upload command reads a local file and sends it to Dropbox. That is central to the skill's purpose, but incorrect or overly broad agent use could disclose local files to Dropbox.
Evidence:
```python
with open(local_path, 'rb') as f:
    file_data = f.read()
...
url = "https://content.dropboxapi.com/2/files/upload"
```

Recommendation: Review upload, download, and folder-creation paths before allowing the agent to run them, especially when sensitive local files are involved.
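The unrestricted `--output` write from the overview and the unrestricted upload source described in this finding are the same defect in two directions: a user-controlled local path reaches the filesystem unchecked. The block below is an added example for this review, not code from the skill's `scripts/dropbox.py`: `download_unsafe()` mirrors the vulnerable pattern the page describes, and the remaining functions confine both download targets and upload sources to a single directory. The function names, the sandbox layout and the sample payload are assumptions.

```python
import os
import tempfile
from pathlib import Path

# Added example for this review, not code from the skill's scripts/dropbox.py.
# download_unsafe() mirrors the unrestricted --output write the page describes;
# the remaining functions confine download targets and upload sources to one
# directory. Function names and the sample payload are assumptions.


class UnsafePathError(ValueError):
    """A user-supplied path would escape the allowed directory."""


def download_unsafe(output_path, data):
    # Vulnerable pattern: the agent-controlled --output value is used verbatim,
    # so "/etc/cron.d/evil" or "~/.bashrc" are accepted as write targets.
    with open(os.path.expanduser(output_path), "wb") as f:
        f.write(data)


def resolve_within(base_dir, user_path, *, must_exist):
    """Map user_path to a location guaranteed to sit under base_dir.

    Relative paths are taken relative to base_dir (never the process CWD),
    symlinks are resolved before the containment check, and for new files
    the parent directory must already exist so the check cannot be dodged
    with a not-yet-existing component.
    """
    base = Path(base_dir).resolve(strict=True)
    candidate = Path(os.path.expanduser(user_path))
    if not candidate.is_absolute():
        candidate = base / candidate
    if candidate.name in ("", ".."):
        raise UnsafePathError(f"refusing path {user_path!r}")
    try:
        if must_exist:
            resolved = candidate.resolve(strict=True)
        else:
            resolved = candidate.parent.resolve(strict=True) / candidate.name
    except FileNotFoundError as exc:
        raise UnsafePathError(f"{user_path!r}: no such file or directory") from exc
    if os.path.commonpath([str(base), str(resolved)]) != str(base):
        raise UnsafePathError(f"{user_path!r} escapes {base}")
    return resolved


def download_safe(base_dir, output_path, data):
    """Hardened download: confined target, never overwrite, never follow a symlink."""
    target = resolve_within(base_dir, output_path, must_exist=False)
    # O_EXCL fails if anything (file or symlink) already exists at the target,
    # so an existing ~/.bashrc or a planted symlink cannot be clobbered.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(target, flags, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return target


def read_upload_source(base_dir, local_path):
    """Hardened upload: only regular files under base_dir may be sent to Dropbox."""
    source = resolve_within(base_dir, local_path, must_exist=True)
    if not source.is_file():
        raise UnsafePathError(f"{local_path!r} is not a regular file")
    return source.read_bytes()


def demo():
    """Exercise the hardened paths in a throwaway sandbox and return what happened."""
    results = {}
    payload = b"constructed sample download\n"  # constructed test data
    with tempfile.TemporaryDirectory() as sandbox:
        results["inside"] = download_safe(sandbox, "report.txt", payload).name
        # a symlink inside the sandbox that points outside it
        os.symlink(tempfile.gettempdir(), os.path.join(sandbox, "link"))
        for bad in ("../escape.txt", "/etc/cron.d/evil", "~/.bashrc", "link/evil"):
            try:
                download_safe(sandbox, bad, payload)
                results[bad] = "written"
            except UnsafePathError:
                results[bad] = "rejected"
        results["upload_inside"] = read_upload_source(sandbox, "report.txt") == payload
        try:
            read_upload_source(sandbox, "../../etc/passwd")
            results["upload_outside"] = "read"
        except UnsafePathError:
            results["upload_outside"] = "rejected"
    return results
```

The containment check is done on the resolved parent rather than on the string the agent supplied, which is what defeats both `..` segments and symlinks placed inside the allowed directory; `O_CREAT|O_EXCL` then guarantees the download can only ever create a new file, never replace one that already exists.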
Users have less provenance information to rely on before trusting the skill with Dropbox credentials.
The provided provenance is limited, though there is no install-time execution or remote script shown. This matters because users would be granting a credentialed Dropbox integration.
Evidence:
Source: unknown
...
No install spec — this is an instruction-only skill.

Recommendation: Inspect the included script and package metadata before configuring tokens, and prefer a trusted source or pinned reviewed version for sensitive Dropbox accounts.
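With no source or install spec to pin against, "pinned reviewed version" has to be something you record yourself. The block below is an added example for this review, not a ClawScan or skill feature: it hashes every file in the skill directory after you have reviewed it, and later refuses a tree in which any reviewed file changed or an unreviewed file appeared. The directory layout and file contents are constructed for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path

# Added example for this review, not part of the skill or ClawScan: record a
# manifest of the reviewed skill files and refuse to configure credentials if
# anything changed. The directory layout and file contents are constructed.


def skill_manifest(root):
    """sha256 of every file under root, keyed by POSIX-style relative path."""
    root = Path(root)
    manifest = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            manifest[p.relative_to(root).as_posix()] = hashlib.sha256(p.read_bytes()).hexdigest()
    return manifest


def verify_pinned(root, pinned):
    """Return a list of problems; an empty list means the tree matches the reviewed pin."""
    current = skill_manifest(root)
    problems = []
    for rel, digest in pinned.items():
        if rel not in current:
            problems.append(f"missing: {rel}")
        elif current[rel] != digest:
            problems.append(f"modified: {rel}")
    for rel in current:
        if rel not in pinned:
            problems.append(f"unreviewed file added: {rel}")
    return problems


def demo():
    """Pin a constructed skill tree, then detect a changed script and a new file."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "scripts").mkdir()
        (root / "SKILL.md").write_text("# dropbox-lite 1.0.1\n")           # constructed
        (root / "scripts" / "dropbox.py").write_text("print('upload')\n")  # constructed
        pinned = skill_manifest(root)  # what you would store after reviewing the files
        clean = verify_pinned(root, pinned)
        # simulate a tampered update: the script changed and an install script appeared
        (root / "scripts" / "dropbox.py").write_text("print('upload'); import os\n")
        (root / "install.sh").write_text("echo tampered\n")
        tampered = verify_pinned(root, pinned)
    return clean, tampered
```

Store the manifest outside the skill directory (it is useless if the update can rewrite it too) and run the verification before any step that reads `DROPBOX_APP_SECRET` or `DROPBOX_REFRESH_TOKEN`.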
