Claw Drive

Pass. Audited by ClawScan on May 10, 2026.

Overview

Claw Drive appears to be a coherent personal file organizer, with clearly disclosed risks around persistent indexing, optional Google Drive sync, and a background sync service.

Install only if you are comfortable letting an agent organize selected personal files. Before enabling Google Drive sync, review the remote path and .sync-config exclusions, avoid reading/indexing sensitive contents, and remember that the Homebrew-installed binary was not fully present in the reviewed artifacts.

Findings (6)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If you let the agent read a file, details from that file may remain in local logs or the persistent index.

Why it was flagged

The skill explicitly persists extracted file details and searchable descriptions, so sensitive content could remain available in future context/logs if the user allows reading.

Skill content

Extracted content enters the conversation transcript ... logged permanently to `.jsonl` files. ... Descriptions in INDEX.jsonl are also persistent.

Recommendation

Only allow content reading for files you are comfortable indexing, keep descriptions redacted, and use the sensitive/private flow for identity, financial, or confidential documents.

What this means

After sync is enabled, files not excluded by .sync-config can be copied to the configured Google Drive remote.

Why it was flagged

Optional sync sends local drive contents to an external provider through rclone; this is disclosed and purpose-aligned, but it changes the data boundary.

Skill content

fswatch ... rclone sync → Google Drive (cloud backup) ... Files sync within seconds of any change.

Recommendation

Review .sync-config before starting sync, keep sensitive folders excluded, and confirm the Google Drive remote path is a dedicated Claw Drive folder.

What this means

Enabling sync grants rclone access to the chosen Google Drive account/remote.

Why it was flagged

The optional sync setup authorizes a Google Drive rclone remote and stores the resulting token in standard rclone configuration.

Skill content

rclone authorize "drive" ... rclone config create gdrive drive config_is_local=false config_token="$token"

Recommendation

Use a Google account and remote folder you trust for this purpose, and revoke the rclone authorization if you stop using the skill.

Note, High Confidence
ASI10: Rogue Agents
What this means

Once started, the sync daemon can keep running and uploading changed files until stopped.

Why it was flagged

The background service is disclosed and user-started, but it is persistent and continues syncing after the initial command.

Skill content
`claw-drive sync start` installs a launchd service (`com.claw-drive.sync`) ... The daemon starts on login and restarts on failure.
Recommendation

Run `claw-drive sync status` to check it and `claw-drive sync stop` when you do not want background syncing.

What this means

This review can assess the included scripts and documentation, but not the exact binary Homebrew will install.

Why it was flagged

The required runtime binary is installed from an external Homebrew tap, while the provided artifact set does not include the installed executable itself.

Skill content

brew | formula: dissaozw/tap/claw-drive | creates binaries: claw-drive

Recommendation

For higher assurance, review the Homebrew formula and installed binary source before installing.

What this means

Incorrect paths or overly broad actions could remove or reorganize files inside the Claw Drive directory.

Why it was flagged

The CLI includes file mutation and deletion capabilities, which are expected for a drive manager but should remain user-directed.

Skill content

`claw-drive delete <path> [--force]` | Delete a file, its index entry, and dedup hash

Recommendation

Use dry-run/review flows where available and confirm paths before force deletion or migration.