Dropbox Integration

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a legitimate read-only Dropbox helper, but it asks users to grant broad Dropbox read access and stores long-lived Dropbox credentials locally in a way that deserves careful review.

Install only if you are comfortable granting this skill read access to Dropbox data. Prefer the App folder access mode unless you truly need whole-account search and downloads; create or verify a .gitignore entry for credentials.json and token.json; restrict file permissions on both files; avoid running setup in logged or shared terminals; and review every download destination before letting the agent write files locally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (9)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 84%
Finding: The skill clearly relies on network access for OAuth and Dropbox API calls, but the markdown does not declare that capability in a structured permissions field. This creates a transparency and policy-enforcement gap: users or platforms may not realize the skill initiates outbound connections and handles remote authentication flows.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 80%
Finding: The description frames the skill as browsing, searching, and downloading files, but the documented behavior also includes retrieving Dropbox account information such as name, email, and account ID. Even if this is operationally normal for a connection test, collecting additional personal data beyond the stated purpose weakens informed consent and may surprise users.

Intent-Code Divergence

Medium
Confidence: 97%
Finding: The guide markets the integration as read-only but instructs users to create a 'Full Dropbox' app, which expands data exposure from a single app folder to the user's entire Dropbox. Even with read-only scopes, this grants broad visibility into all files and metadata, increasing the blast radius if the app or tokens are compromised.

Missing User Warnings

Medium
Confidence: 92%
Finding: The download examples show writing Dropbox content to arbitrary local paths, but the documentation does not clearly warn that local files may be created or overwritten. In an agent-driven context, this can cause unintended data loss, clobber existing files, or place untrusted remote content into sensitive local locations.

Missing User Warnings

Medium
Confidence: 95%
Finding: The guide instructs users to place the Dropbox app secret in a local plaintext JSON file, with only a gitignore warning. Plaintext local secret storage is risky because other local users, malware, backups, shell history, or accidental file sharing can expose reusable credentials that allow token minting and API access.

Missing User Warnings

Medium
Confidence: 98%
Finding: The guide shows access and refresh tokens in terminal output and stores them in token.json without a strong warning about their sensitivity. Refresh tokens are long-lived reusable credentials; if exposed through logs, screenshots, shell recording, local compromise, or backups, an attacker can maintain persistent access to the user's Dropbox data.

Credential Access

High
Category: Privilege Escalation
Content:
### Authentication Flow

1. **Initial Setup:** User authorizes the app via OAuth 2.0
2. **Token Storage:** Access token + refresh token saved to `token.json`
3. **Auto-Refresh:** Before each API call, checks if token needs refresh
4. **Seamless Access:** Automatically refreshes tokens 5 minutes before expiration
Confidence: 71%
Finding: Access token

Credential Access

High
Category: Privilege Escalation
Content:
### Token Lifecycle

- **Access Token:** Short-lived (typically 4 hours)
- **Refresh Token:** Long-lived (doesn't expire unless revoked)
- **Auto-refresh:** Happens transparently in `dropbox-helper.js`
- **Refresh Buffer:** 5 minutes before expiration to prevent edge cases
Confidence: 74%
Finding: Access Token

Credential Access

High
Category: Privilege Escalation
Content:
## Security Best Practices

1. **Never commit credentials:** Always keep `credentials.json` and `token.json` gitignored
2. **Use read-only permissions:** Only enable write permissions if absolutely necessary
3. **Rotate tokens regularly:** Consider re-authenticating periodically
4. **Monitor app usage:** Check the Dropbox App Console for usage stats
Confidence: 84%
Finding: credentials.json

VirusTotal

66/66 vendors flagged this skill as clean.