dropbox

clawhub:dropbox

View source

100/100

First Seen

Feb 18, 2026

Last Scanned

Feb 22, 2026

Findings

Score

100/100

LOW 3

Findings (3)

LOW

Git clone and execute chain SUPPLY_012

supply-chain L11

Detects git clone of repositories followed by execution of cloned content

git clone https://github.com/RyanLisse/Dropbook.git + cd Dropbook
make build

FIX

Review the dependency tree for nested or transitive dependencies that introduce risk. Use tools like npm audit or pip-audit to identify known vulnerabilities in the dependency chain.

FP?

Likely FP if the flagged dependency is a standard, widely-used library with no known vulnerabilities at the time of scanning.

LOW

System package manager install EXTDL_011

external-download L297

Detects system-level package installation via brew, apt, yum, or dnf

brew install r

FIX

Pin system packages to specific versions where the package manager supports it. Document the exact packages required and prefer containerized environments to avoid system-wide changes.

FP?

Likely FP if the match is standard setup documentation listing well-known system packages (e.g., apt install git curl) that are prerequisites.

LOW

System package manager install EXTDL_011

external-download L402

Detects system-level package installation via brew, apt, yum, or dnf

brew install r

FIX

Pin system packages to specific versions where the package manager supports it. Document the exact packages required and prefer containerized environments to avoid system-wide changes.

FP?

Likely FP if the match is standard setup documentation listing well-known system packages (e.g., apt install git curl) that are prerequisites.