← Back to Skills Marketplace
Pilot Dropbox
by
Calin Teodor
· GitHub ↗
· v1.0.0
· MIT-0
76
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install pilot-dropbox
Description
Shared folder that automatically synchronizes between peers using Pilot Protocol pub/sub. Use this skill when: 1. You need a persistent shared folder that st...
Usage Guidance
This skill appears to implement the shared-folder behavior it claims, but you should: 1) verify pilotctl and the pilot-protocol implementation come from a trusted source; 2) ensure the system has jq, md5sum (coreutils), and a file watcher (fswatch or inotifywait) installed — the registry metadata does not declare these dependencies; 3) only join peers/topics you trust because the skill will transmit local files to remote peers via pilotctl; 4) test the workflow in an isolated or non-sensitive directory before pointing it at important data; 5) consider running the watcher under a dedicated user or container to limit blast radius; and 6) if you expect stricter consistency or access controls, prefer other listed alternatives in the SKILL.md (pilot-sync / pilot-stream-data) or inspect pilotctl's auth model first.
Capability Analysis
Type: OpenClaw Skill
Name: pilot-dropbox
Version: 1.0.0
The skill implements a shared folder synchronization system but contains significant path traversal vulnerabilities in the bash logic within SKILL.md. Specifically, the 'file_removed' and 'dropbox_pull' event handlers use the $FILENAME variable directly from remote JSON input without sanitization, which could allow a malicious peer to delete or exfiltrate arbitrary files outside the intended directory. While these appear to be unintentional vulnerabilities rather than intentional malware, they represent a high security risk.
Capability Assessment
Purpose & Capability
The skill's name/description (a Dropbox-like shared folder over Pilot Protocol) matches the runtime actions (subscribe, publish, send-file). However the registry metadata only declares pilotctl as a required binary while the SKILL.md uses jq, md5sum (coreutils), fswatch or inotifywait, and common file utilities (cp, rm, mkdir). These additional binaries are necessary for the instructions to work but are not declared.
Instruction Scope
Instructions explicitly read/write files under $HOME/pilot-dropbox, compute hashes, watch the directory, and send/receive files via pilotctl (publish/subscribe/send-file). That behavior is coherent with a shared-folder skill, but it grants the skill the ability to transmit local files to peers and to run a background watcher process. There are no instructions that attempt to read unrelated system files or environment variables, but the SKILL.md gives broad discretion about which PEER/TOPIC to use — selecting untrusted peers could leak data.
Install Mechanism
This is an instruction-only skill with no install spec and thus does not download or install code. That reduces installer risk, but it also means the skill assumes required tools are already present on PATH; the manifest should list all of them.
Credentials
No environment variables or credentials are requested by the skill, which is proportionate. However, pilotctl itself likely depends on the user's Pilot Protocol configuration/credentials (not declared here). The skill will cause files to be sent to peers via pilotctl, so the real access control depends on the underlying pilotctl/pilot-protocol configuration and the peers you connect to.
Persistence & Privilege
The skill does not request always:true and doesn't modify other skills or system-wide agent settings. It instructs running background watcher processes in the user's session (normal for a sync tool) but does not attempt to persist as a system service in its instructions.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install pilot-dropbox - After installation, invoke the skill by name or use
/pilot-dropbox - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release
Metadata
Frequently Asked Questions
What is Pilot Dropbox?
Shared folder that automatically synchronizes between peers using Pilot Protocol pub/sub. Use this skill when: 1. You need a persistent shared folder that st... It is an AI Agent Skill for Claude Code / OpenClaw, with 76 downloads so far.
How do I install Pilot Dropbox?
Run "/install pilot-dropbox" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Pilot Dropbox free?
Yes, Pilot Dropbox is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Pilot Dropbox support?
Pilot Dropbox is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Pilot Dropbox?
It is built and maintained by Calin Teodor (@teoslayer); the current version is v1.0.0.
More Skills