ClawHub

Claw Drive

v0.4.4

Claw Drive — AI-managed personal drive for OpenClaw. Auto-categorize, tag, deduplicate, and retrieve files with natural language. Backed by Google Drive for...

2· 541·4 current·4 all-time
byDissao@zhiyuanw101
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (AI-managed personal drive backed by Google Drive) match the files and runtime instructions. The skill requires only the 'claw-drive' binary and documents optional dependencies (rclone, fswatch, pymupdf) that are directly related to sync and content extraction. No unrelated credentials or unexpected binaries are requested.
Instruction Scope
SKILL.md explicitly tells the agent to run the claw-drive CLI and to never read file contents without explicit user consent. The instructions legitimately require reading/writing INDEX.jsonl, scanning/migrating arbitrary directories, and optionally extracting file contents (PDFs/images) into the conversation transcript. That behavior is consistent with the stated purpose, but it carries privacy risk because extracted contents are logged permanently to .jsonl transcripts — the skill documents this, but users must understand the implication before allowing reads. The docs also suggest running 'make install' from the skill directory if symlinks are broken, which means the agent (if permitted) could run build/install steps in the skill directory.
Install Mechanism
Install is via a Homebrew tap (dissaozw/tap/claw-drive) which builds/installs the 'claw-drive' binary. Using a third‑party brew tap (rather than an official org) is a reasonable delivery mechanism but requires trusting the tap maintainer. There are no opaque downloads or URLs in the install spec and the repository includes readable shell scripts (no obfuscated code).
Credentials
requires.env is empty and the skill does not demand unrelated secrets. Optional Google Drive sync uses rclone and will store credentials in the user's standard rclone config (~/.config/rclone/rclone.conf). The skill does not itself request API keys or other unrelated tokens. This is proportionate to a Google Drive sync feature.
Persistence & Privilege
always:false and the skill is user-invocable. Sync is opt-in, but starting sync installs a launchd service (com.claw-drive.sync) that the skill writes to ~/Library/LaunchAgents and loads. That creates a persistent background sync process (expected for a sync feature) and the plist embeds PATH and CLAW_DRIVE_DIR. Because the daemon can run at login and restart on failure, users should review the plist and logs before enabling.
Assessment
What to check before installing/using Claw Drive: - Review the Homebrew tap (dissaozw/tap) and the built binary before installing; third‑party taps require trusting the maintainer. If possible, build from the repository yourself or inspect the installed binary. - Understand logging and data flow: if the agent is allowed to read file contents, those extracted contents become part of conversation transcripts and are written to JSONL logs permanently on disk. Never allow reading of highly sensitive files unless you accept that logging behavior. - Keep Google sync optional: only run 'claw-drive sync auth' and 'sync start' if you intend to store credentials in your rclone config and to run a background daemon. Review ~/.config/rclone/rclone.conf and the generated launchd plist (~/Library/LaunchAgents/com.claw-drive.sync.plist) before enabling the daemon. - Consider agent invocation policy: by default the skill can be invoked autonomously. If you want an extra safety guard, require manual confirmation before letting the agent run store/reindex/migrate commands that read files. - When performing large migrations/reindexes, preview plans (dry run) and avoid enabling full content extraction until you confirm it will only run on files you expect. If you want a more confident judgment, provide the Homebrew formula contents or the built binary so they can be inspected for unexpected network calls or privileged actions.

Like a lobster shell, security has layers — review code before you run it.

latestvk97eepjf2x1h87520b5wfm7sxn81mp5v

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📂 Clawdis
Binsclaw-drive

Install

Install Claw Drive (brew)
Bins: claw-drive
brew install dissaozw/tap/claw-drive

Comments