Dropbox Integration
Pass
Audited by ClawScan on May 10, 2026.
Overview
The skill behaves like a disclosed read-only Dropbox integration, but it still grants broad Dropbox read access and stores long-lived local tokens that users should protect.
This appears safe for its stated read-only Dropbox purpose if you are comfortable granting Dropbox file-read access. Use App Folder access instead of Full Dropbox when possible, keep only the documented read-only scopes, verify that credentials.json and token.json are gitignored and readable only by your own user account, and review local download paths before letting the agent run commands.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone or any agent with access to the token file could read Dropbox files allowed by the app until access is revoked.
The setup can grant read access to the user's whole Dropbox and stores a refresh token locally for ongoing access. This is disclosed and purpose-aligned, but it is sensitive delegated account authority.
Select **"Full Dropbox"** to access all your files ... `token.json` file now contains ... "refresh_token"
Prefer Dropbox App Folder access when possible, keep read-only scopes only, protect credentials.json and token.json, and revoke the connected app when no longer needed.
A mistaken or overly broad destination path could overwrite or create local files.
The download script writes Dropbox content to a local path supplied on the command line. This is central to the skill, but the destination path is not constrained.
`const localPath = process.argv[3]; ... await fs.mkdir(dir, { recursive: true }); ... await fs.writeFile(localPath, buffer);`
Review download destinations before running the script and use a dedicated downloads folder rather than sensitive system or project paths.
A future dependency update could change runtime behavior compared with the reviewed artifacts.
The skill depends on the Dropbox npm package with a semver range. This is expected, but a range can install newer versions than the reviewed one.
`"dependencies": { "dropbox": "^10.34.0" }`
Install dependencies from trusted sources and consider using a package lockfile or pinned dependency version for reproducible installs.
If the credential and token files are not actually ignored in a git-managed directory, Dropbox secrets could be accidentally committed.
The documentation makes a strong safety claim about credentials.json being gitignored, but the provided file manifest does not include a .gitignore file. Users should verify this rather than rely on the claim.
**Important:** This file is gitignored and will never be committed.
Create or verify a .gitignore entry for credentials.json, token.json, and node_modules before storing real Dropbox credentials.
