dropbox-automation

SUSPICIOUS. The skill is purpose-aligned and lacks classic malware signals like hidden installers or credential-file theft, but it routes sensitive Dropbox operations through a hosted third-party MCP layer and grants broad real-world file and sharing actions. Risk is driven by delegated OAuth trust, potential data exfiltration via file reads/shared links, and the ability to modify or delete Dropbox contents at scale.