Skill v1.0.1

ClawScan security

Dropbox Integration · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 11, 2026, 9:22 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's code and instructions align with a read-only Dropbox integration; the main issues are documentation/metadata omissions and the usual risks of storing OAuth credentials and tokens on disk.
Guidance
This skill appears to implement a legitimate read-only Dropbox integration, but check a few things before installing:

- Trust & provenance: the owner/homepage is unknown. Only install if you trust the source or have reviewed the code yourself.
- Metadata mismatch: the registry metadata claims no required config paths/env vars, but the code requires credentials.json (app_key/app_secret) and produces token.json — ensure you provide these files and protect them.
- Least privilege: consider creating an 'App folder' Dropbox app instead of 'Full Dropbox' to limit exposure, unless you need account-wide reads.
- Protect secrets: credentials.json and token.json are stored on disk in the skill directory; ensure .gitignore is correct and set restrictive file permissions (e.g., 0600). Rotate/revoke tokens if the machine or skill environment is compromised.
- Node & environment: run the skill in a controlled environment (container or dedicated user) and run 'npm install' inside that environment. Verify the Node version (the skill uses fetch and a modern SDK—Node 18+ recommended).
- Use caution when downloading: the download script writes to any local path you supply — avoid passing sensitive system paths to the skill or letting the agent choose target paths without constraints.

If you want higher assurance, have someone you trust review the included JS files (setup-oauth.js, dropbox-helper.js, etc.) and confirm that the token storage and refresh behavior are acceptable.

Review Dimensions

Purpose & Capability
[ok] Name/description match the code and instructions: scripts browse, search, download, OAuth setup, and token refresh all call Dropbox APIs with read-only scopes (files.metadata.read, files.content.read, account_info.read). Requiring an app key/secret and refresh token is expected for this purpose.
Instruction Scope
[note] SKILL.md and code stay within the stated purpose (starting a local OAuth flow, saving token.json, listing/searching/downloading). The instructions require running a local HTTP server for OAuth and writing credentials.json and token.json in the skill directory—these are expected but worth noting because they create sensitive files on disk. Scripts will write downloaded files to arbitrary local paths you provide (expected behavior for a downloader).
Install Mechanism
[ok] No install spec is provided (lowest risk) and the package uses the official 'dropbox' npm dependency. SKILL.md instructs to run 'npm install dropbox', which is normal. No downloads from untrusted URLs or archives are present.
Credentials
[concern] Registry metadata lists no required config paths or env vars, but the code expects credentials.json (app_key/app_secret) and token.json in the skill directory. That mismatch between declared requirements and actual required files is a documentation/metadata inconsistency users should notice. The skill requires sensitive secrets (app secret and refresh token), which are stored in plaintext in token.json and must be protected; this is proportionate to the feature but should be handled carefully.
Persistence & Privilege
[ok] The skill does not request always:true and is user-invocable. It persists tokens and credentials only in its own directory (token.json/credentials.json) and does not modify other skills or system-wide settings. Autonomous invocation is enabled by default (normal); combine that with token access only if you trust the skill source.