dropbox-automation
Audited by Socket on Feb 20, 2026
1 alert found:
Anomaly [Skill Scanner]: Skill instructions include directives to hide actions from user

This skill manifest is coherent with its stated goal of automating Dropbox operations and does not contain explicit malicious code or hardcoded secrets. The main security concern is architectural: the manifest requires using a third-party MCP/Composio endpoint (rube.app/mcp) as a mediator for OAuth and all toolkit calls, which centralizes access to user files and tokens in an external service. That design is plausible for a legitimate managed toolkit, but it increases supply-chain risk because the MCP/toolkit could see or persist sensitive data and tokens. Recommend reviewing the MCP/Composio privacy, credential storage, and network flow documentation, and restricting trust to verified MCP endpoints. Overall: not evidently malicious but presents a moderate supply-chain risk due to the external MCP mediation.

LLM verification: The instruction file itself does not contain executable malware or hard-coded secrets, but it explicitly centralizes Dropbox OAuth flows and file traffic through a third-party MCP (rube.app). This design is a supply-chain and privacy risk: the MCP/operator could access or exfiltrate tokens and file contents if malicious or breached. The static scanner note about hiding actions increases concern if true. Recommendation: treat this as high trust-required infrastructure — only use with an auditable