Back to skill

Security audit

Dropbox Integration

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real Dropbox read-only helper, but it grants broad Dropbox visibility and stores long-lived access credentials locally in ways users should review carefully.

Install only if you are comfortable giving this skill read access to Dropbox data. Prefer Dropbox App Folder access unless you truly need whole-account search, keep credentials.json and token.json out of git and backups, restrict their permissions, avoid running setup in recorded or shared terminals, revoke the Dropbox app if tokens may have leaked, and review every download path before allowing local writes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill documentation clearly describes network-based OAuth and Dropbox API access, but the skill metadata shown in this file does not declare corresponding permissions. That mismatch can undermine policy enforcement and informed consent because users may install a skill without explicit visibility into its network capabilities.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The skill repeatedly markets itself as read-only, but this section tells users they can use 'any Dropbox SDK method' through the helper. If the helper exposes a fully privileged client and the Dropbox app is later granted broader scopes, consumers may use the skill for actions beyond the documented safety boundary, creating a dangerous trust gap.

Intent-Code Divergence

Medium
Confidence
93% confidence
Finding
The early documentation emphasizes that the integration is safely read-only, but later guidance contradicts that guarantee by encouraging direct use of arbitrary SDK methods. This inconsistency can mislead users and downstream agents into trusting the skill more than warranted, especially when OAuth scopes or future code changes expand capabilities.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The guide instructs users to download a Dropbox file to a local path but does not explicitly warn that the destination file will be created or overwritten. In a file-access skill, omission of overwrite semantics can lead to accidental local data loss or writing sensitive content to an unintended path, especially when users copy commands verbatim.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The guide displays token values and a sample token.json structure containing access and refresh tokens, but it does not clearly warn users never to paste, display, screenshot, or share real token material. Because these tokens grant Dropbox access, exposing live values in terminals, logs, bug reports, or screen recordings could directly compromise a user's account data.

Credential Access

High
Category
Privilege Escalation
Content
const fs = require('fs').promises;
const path = require('path');

const CREDENTIALS_PATH = path.join(__dirname, 'credentials.json');
const TOKEN_PATH = path.join(__dirname, 'token.json');

// Buffer time: refresh 5 minutes before actual expiration
Confidence
87% confidence
Finding
credentials.json

Credential Access

High
Category
Privilege Escalation
Content
console.log('\n✅ Success! Token saved to token.json');
      console.log('\nToken details:');
      console.log(`  - Access token: ${tokenData.access_token.substring(0, 20)}...`);
      if (tokenData.refresh_token) {
        console.log(`  - Refresh token: ${tokenData.refresh_token.substring(0, 20)}...`);
        console.log('  - This token will not expire (use refresh token to get new access tokens)');
Confidence
90% confidence
Finding
Access token

Unpinned Dependencies

Low
Category
Supply Chain
Content
"author": "",
  "license": "MIT",
  "dependencies": {
    "dropbox": "^10.34.0"
  }
}
Confidence
89% confidence
Finding
"dropbox": "^10.34.0"

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.exposed_secret_literal, suspicious.potential_exfiltration

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
dropbox-helper.js:49

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
test-connection.js:20

Sensitive-looking file read is paired with a network send.

Warn
Code
suspicious.potential_exfiltration
Location
dropbox-helper.js:31

Sensitive-looking file read is paired with a network send.

Warn
Code
suspicious.potential_exfiltration
Location
test-connection.js:19