Trust Assessment
dropbox received a trust score of 28/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 6 findings: 2 critical, 2 high, 1 medium, and 0 low severity. Key findings include "Suspicious import: urllib.request", "Potential data exfiltration: file read + network send", and "Arbitrary File Read via Upload Function".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (6)
| Severity | Finding | Description | Layer | Location |
|---|---|---|---|---|
| CRITICAL | Arbitrary File Read via Upload Function | The `upload` command in `scripts/dropbox.py` allows an attacker to specify an arbitrary `local_path` from the command line. The script then reads the content of this file using `open(local_path, 'rb')` and uploads it to Dropbox. This can be exploited to exfiltrate sensitive files from the system where the skill is executed, as there is no validation or sanitization of the provided path. Implement strict validation and sanitization of file paths provided by user input. Restrict file operations to a designated, sandboxed directory, or use a file picker/selection mechanism that does not allow arbitrary paths. Ensure that `local_path` cannot traverse directories outside of an intended working directory. | LLM | scripts/dropbox.py:251 |
| CRITICAL | Arbitrary File Write via Download Function | The `download` command in `scripts/dropbox.py` allows an attacker to specify an arbitrary `local_path` (destination path) from the command line. The script then writes the downloaded content from Dropbox to this specified path using `with open(dest_path, 'wb') as f:`. This can be exploited to overwrite critical system files or write malicious executables to arbitrary locations on the filesystem, as there is no validation or sanitization of the provided path. Implement strict validation and sanitization of file paths provided by user input. Restrict file operations to a designated, sandboxed directory, or use a file picker/selection mechanism that does not allow arbitrary paths. Ensure that `local_path` cannot traverse directories outside of an intended working directory. | LLM | scripts/dropbox.py:247 |
| HIGH | Potential data exfiltration: file read + network send | Function `content_api_call` reads files and sends data over the network. This may indicate data exfiltration. Review this function to ensure file contents are not being sent to external servers. | Static | skills/thekie/dropbox-lite/scripts/dropbox.py:152 |
| HIGH | Potential data exfiltration: file read + network send | Function `content_upload` reads files and sends data over the network. This may indicate data exfiltration. Review this function to ensure file contents are not being sent to external servers. | Static | skills/thekie/dropbox-lite/scripts/dropbox.py:170 |
| MEDIUM | Suspicious import: urllib.request | Import of `urllib.request` detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/thekie/dropbox-lite/scripts/dropbox.py:11 |
| INFO | Inaccurate Python Dependency Declared | The `package.json` file declares `requests` as a Python dependency under `clawhub.dependencies.python`. However, a review of the `scripts/dropbox.py` script indicates that it uses Python's built-in `urllib.request` module for HTTP requests and does not import or utilize the `requests` library. This discrepancy could lead to unnecessary package installations or confusion regarding the skill's actual dependencies. Remove the `requests` dependency from `package.json` if it is not actually used by the skill's Python script. Ensure all declared dependencies accurately reflect the skill's requirements to avoid unnecessary installations and potential supply chain confusion. | LLM | package.json:20 |