Back to skill

Security audit

Clawdbot Skill Dropbox

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Dropbox command-line skill, but it needs careful handling because it stores Dropbox tokens locally and can write downloaded files to chosen paths.

Install only if you want an agent to manage Dropbox files. Prefer an App Folder-scoped Dropbox app when possible, keep ~/.config/atlas/dropbox.env private with restrictive permissions such as chmod 600, never commit or share that file, review upload/download paths before running commands, and revoke the Dropbox app if the token file may have been exposed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Rogue AgentSelf-Modification, Session Persistence
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (10)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill documents capabilities that perform network access and local file writes, but it does not declare permissions or provide an explicit trust boundary for those actions. This is dangerous because users may invoke the skill without understanding that it can contact Dropbox and rewrite local credential material on disk.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README instructs users to store the Dropbox app secret, access token, and refresh token in a local plaintext env file without any warning about file permissions, secret handling, or alternative secure storage. In a headless/server context this increases the chance that long-lived credentials are exposed through weak filesystem permissions, backups, shell history, or accidental commits.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill states that it automatically updates `dropbox.env` with a new access token, but it does not warn the user that secrets will be rewritten on disk. Silent modification of a credential file can lead to accidental exposure, corruption of secrets, or unsafe file permissions if the write operation is not carefully controlled.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The download path is written directly to the local filesystem with no safeguards against overwriting an existing file when --output is supplied. In an agent context, this can unexpectedly clobber local files or place remote content into sensitive locations if a caller provides a dangerous path.

Credential Access

High
Category
Privilege Escalation
Content
The script automatically handles token refresh:

1. On 401 Unauthorized, it uses the refresh token to get a new access token
2. Updates `dropbox.env` with the new access token
3. Retries the original request

## Token Lifecycle
Confidence
90% confidence
Finding
access token

Credential Access

High
Category
Privilege Escalation
Content
import argparse
from pathlib import Path

CONFIG_PATH = Path.home() / ".config/atlas/dropbox.env"

# Global config cache
_config = None
Confidence
91% confidence
Finding
.env"

Credential Access

High
Category
Privilege Escalation
Content
def load_config():
    """Load all credentials from the .env file."""
    global _config
    if _config is not None:
        return _config
Confidence
90% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
def save_config(config):
    """Save config back to .env file."""
    global _config
    lines = []
    for key, value in config.items():
Confidence
95% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
if not new_access_token:
                raise ValueError("No access_token in refresh response")
            
            # Update config with new access token
            config["DROPBOX_ACCESS_TOKEN"] = new_access_token
            save_config(config)
Confidence
94% confidence
Finding
access token

Session Persistence

Medium
Category
Rogue Agent
Content
## Setup

### 1. Create Dropbox App

1. Go to https://www.dropbox.com/developers/apps
2. Create app → Scoped access → Full Dropbox
Confidence
73% confidence
Finding
Create Dropbox App 1. Go to https://www.dropbox.com/developers/apps 2. Create app → Scoped access → Full Dropbox 3. Enable permissions: `files.metadata.read/write`, `files.content.read/write` ### 2.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.