ClawHub

Google Drive Setup

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it advertises, but it handles long-lived Google Drive credentials and creates a boot-persistent system mount without enough user control or safety guidance.

Review before installing. Use only on a trusted single-user Linux machine where you intentionally want Google Drive mounted at boot. Protect rclone.conf and gog credential files with owner-only permissions, avoid --allow-other unless necessary, back up any existing rclone config, and know how to disable the service with systemctl disable --now rclone-gdrive.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill instructs users to export a keyring password, dump OAuth tokens to /tmp, and extract client secrets without warning that these values grant ongoing access to Google Drive. Storing or handling them carelessly can expose long-lived credentials through shell history, world-readable temp paths, backups, or other local users/processes.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The token refresh step sends client_id, client_secret, and refresh_token over a network request without any user-facing notice that OAuth secrets are being transmitted and may be exposed through shell history, process listings, logs, or debugging tools. Even though the destination is Google's token endpoint, users should be warned about the sensitivity of these values.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill configures a system-wide mount with --allow-other and a boot-persistent systemd service, but does not warn that this may expose mounted Drive contents to other local users and create persistent access on every reboot. In a multi-user or shared system, this can significantly broaden data exposure and operational impact.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script persists highly sensitive OAuth material, including the refresh token and client secret, into ~/.config/rclone/rclone.conf in plaintext. A refresh token enables long-lived access to the user's Google Drive, so local compromise, backup leakage, or overly permissive file permissions can expose full account data access well beyond the current session.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script writes a systemd unit into /etc/systemd/system, enables it, and starts it immediately without confirmation. This creates persistent system modification and ongoing access to Google Drive at boot, which is risky in an automation context because it changes host behavior and trust boundaries beyond the immediate task.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal