Security Audit
dropbox-automation
github.com/sickn33/antigravity-awesome-skillsTrust Assessment
dropbox-automation received a trust score of 67/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 1 medium, and 0 low severity. Key findings include Excessive Permissions: Broad Dropbox Account Control, Data Exfiltration Risk via Broad Tool Access, Unpinned Dependency on External MCP.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 20, 2026 (commit e36d6fd3). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Excessive Permissions: Broad Dropbox Account Control The skill `dropbox-automation` provides access to a comprehensive set of Dropbox API operations, including file upload, download, search, sharing, creation, modification, and deletion of files and folders. This grants the AI agent near-full control over the connected Dropbox account. If the agent's decision-making process is compromised (e.g., via prompt injection), it could be coerced into performing unauthorized actions such as deleting critical data, exfiltrating sensitive files via public shared links, or uploading malicious content. 1. Implement Least Privilege: Break down this monolithic skill into smaller, more granular skills with specific, limited scopes (e.g., 'Dropbox Read-Only Search', 'Dropbox Uploader', 'Dropbox Folder Manager'). 2. Granular Access Control: Ensure the underlying Rube MCP and Dropbox OAuth integration enforce the principle of least privilege, allowing the agent to only access what is strictly necessary for a given task. 3. Human-in-the-Loop: For sensitive operations (e.g., creating public shared links, deleting folders), implement a human approval step before the agent executes the action. | LLM | SKILL.md:1 | |
| HIGH | Data Exfiltration Risk via Broad Tool Access The skill provides tools like `DROPBOX_READ_FILE` and `DROPBOX_CREATE_SHARED_LINK`. While these are legitimate functions, their broad availability to the AI agent creates a significant data exfiltration risk. A compromised agent could be prompted to read sensitive files from Dropbox and then either return their content directly to an attacker or create public shared links for those files, making them accessible outside the intended audience. 1. Restrict Tool Access: Limit the agent's access to `DROPBOX_READ_FILE` and `DROPBOX_CREATE_SHARED_LINK` to only when absolutely necessary, and ideally with human oversight for sensitive operations. 2. Content Filtering: Implement output filtering for the agent to prevent it from directly returning sensitive file contents to users. 3. Shared Link Policies: Configure Dropbox sharing policies to restrict public link creation or require approval. | LLM | SKILL.md:60 | |
| MEDIUM | Unpinned Dependency on External MCP The skill explicitly depends on 'Rube MCP' from `https://rube.app/mcp`. There is no version pinning or mechanism described to ensure the stability or security of the tools provided by this external Managed Capability Provider. Changes to the Rube MCP platform or its Dropbox toolkit could introduce breaking changes, vulnerabilities, or altered behavior without the skill author's explicit knowledge or control, posing a supply chain risk. 1. Version Pinning: If possible, specify a version or a specific endpoint for the Rube MCP to ensure consistent tool behavior. 2. Vendor Trust & Monitoring: Establish a trust relationship with the Rube MCP provider and monitor their updates and security advisories. 3. Local Tool Definitions: Consider defining tool schemas locally or using a proxy that caches and validates tool definitions to mitigate risks from external changes. | LLM | SKILL.md:20 |
Scan History
Embed Code
[](https://skillshield.io/report/51c777d233ddcc4d)
Powered by SkillShield