← 返回 Skills 市场
teoslayer

Pilot Dropbox

作者 Calin Teodor · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
76
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install pilot-dropbox
功能描述
Shared folder that automatically synchronizes between peers using Pilot Protocol pub/sub. Use this skill when: 1. You need a persistent shared folder that st...
安全使用建议
This skill appears to implement the shared-folder behavior it claims, but you should: 1) verify pilotctl and the pilot-protocol implementation come from a trusted source; 2) ensure the system has jq, md5sum (coreutils), and a file watcher (fswatch or inotifywait) installed — the registry metadata does not declare these dependencies; 3) only join peers/topics you trust because the skill will transmit local files to remote peers via pilotctl; 4) test the workflow in an isolated or non-sensitive directory before pointing it at important data; 5) consider running the watcher under a dedicated user or container to limit blast radius; and 6) if you expect stricter consistency or access controls, prefer other listed alternatives in the SKILL.md (pilot-sync / pilot-stream-data) or inspect pilotctl's auth model first.
功能分析
Type: OpenClaw Skill Name: pilot-dropbox Version: 1.0.0 The skill implements a shared folder synchronization system but contains significant path traversal vulnerabilities in the bash logic within SKILL.md. Specifically, the 'file_removed' and 'dropbox_pull' event handlers use the $FILENAME variable directly from remote JSON input without sanitization, which could allow a malicious peer to delete or exfiltrate arbitrary files outside the intended directory. While these appear to be unintentional vulnerabilities rather than intentional malware, they represent a high security risk.
能力评估
Purpose & Capability
The skill's name/description (a Dropbox-like shared folder over Pilot Protocol) matches the runtime actions (subscribe, publish, send-file). However the registry metadata only declares pilotctl as a required binary while the SKILL.md uses jq, md5sum (coreutils), fswatch or inotifywait, and common file utilities (cp, rm, mkdir). These additional binaries are necessary for the instructions to work but are not declared.
Instruction Scope
Instructions explicitly read/write files under $HOME/pilot-dropbox, compute hashes, watch the directory, and send/receive files via pilotctl (publish/subscribe/send-file). That behavior is coherent with a shared-folder skill, but it grants the skill the ability to transmit local files to peers and to run a background watcher process. There are no instructions that attempt to read unrelated system files or environment variables, but the SKILL.md gives broad discretion about which PEER/TOPIC to use — selecting untrusted peers could leak data.
Install Mechanism
This is an instruction-only skill with no install spec and thus does not download or install code. That reduces installer risk, but it also means the skill assumes required tools are already present on PATH; the manifest should list all of them.
Credentials
No environment variables or credentials are requested by the skill, which is proportionate. However, pilotctl itself likely depends on the user's Pilot Protocol configuration/credentials (not declared here). The skill will cause files to be sent to peers via pilotctl, so the real access control depends on the underlying pilotctl/pilot-protocol configuration and the peers you connect to.
Persistence & Privilege
The skill does not request always:true and doesn't modify other skills or system-wide agent settings. It instructs running background watcher processes in the user's session (normal for a sync tool) but does not attempt to persist as a system service in its instructions.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install pilot-dropbox
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /pilot-dropbox 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release
元数据
Slug pilot-dropbox
版本 1.0.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 1
常见问题

Pilot Dropbox 是什么?

Shared folder that automatically synchronizes between peers using Pilot Protocol pub/sub. Use this skill when: 1. You need a persistent shared folder that st... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 76 次。

如何安装 Pilot Dropbox?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install pilot-dropbox」即可一键安装,无需额外配置。

Pilot Dropbox 是免费的吗?

是的,Pilot Dropbox 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Pilot Dropbox 支持哪些平台?

Pilot Dropbox 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Pilot Dropbox?

由 Calin Teodor(@teoslayer)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论