Plugin v0.1.0
ClawScan security
Drive · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 29, 2026, 12:15 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The Drive plugin's requested capabilities, runtime instructions, and code are consistent with a local file-management tool that operates inside a configured root folder and does not ask for unrelated credentials or external installs.
- Guidance: This plugin will access and modify files under the configured Drive root and its trash directory, so set rootPath to a dedicated folder (not your home or system folders) and keep trashPath within a safe location. Review or pin the plugin version if you want to audit changes over time. If you need stronger guarantees, inspect the functions that canonicalize/resolve paths (resolveExistingDrivePath, ensureRoot, movePath) to confirm they prevent escapes (symlink/.. traversal) before granting access to sensitive directories.
Review Dimensions
- Purpose & Capability (ok): Name/description (local Drive-style file manager) match the code and tools provided. The plugin only requires local filesystem access to a configurable root and trash path; there are no unrelated environment variables, binaries, or external credentials requested.
- Instruction Scope (ok): SKILL.md restricts behavior to the configured Drive root and documents preferred tools/behaviors (use list/search before acting, prefer trash). The implementation registers the declared drive_* tools and their parameters and returns textual results. The instructions do not ask the agent to read unrelated system state or external endpoints.
- Install Mechanism (ok): There is no external download/install hook. The package contains source and built JS artifacts (dist/) and a package.json; no install URL or extract behavior is present in the registry metadata. The lockfile includes many transitive packages (normal for JS projects) but there is no custom remote installation step.
- Credentials (ok): The skill declares no required environment variables, secrets, or config paths. All filesystem paths it uses (rootPath, trashPath) are configurable and justified by the plugin's purpose. No credentials for cloud or external services are requested.
- Persistence & Privilege (ok): The skill does not request always:true and does not attempt to modify other skills or global agent settings. It registers tools for agent invocation (normal behavior) and stores nothing beyond its own trash index under its configured trashPath.
