ClawHub

Meeting Prep

Security checks across malware telemetry and agentic risk

Overview

This meeting-prep skill is instruction-only and its web, people, company, notes, and CRM research are disclosed and aligned with making meeting briefs.

Install this only if you are comfortable with the agent researching meeting attendees and companies and, when available, using prior notes or CRM records. Keep access scoped to work-authorized sources, avoid collecting sensitive personal details, and review the generated brief before sharing it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger examples are broad enough that the skill may activate on loosely related requests and begin gathering external and internal context without clear user intent. In a skill that performs web research and may access prior notes or CRM data, overbroad activation increases the chance of unnecessary data collection and disclosure.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill instructs broad research on individuals, including LinkedIn activity and public statements, without any privacy guardrails, minimization rules, or sensitivity checks. This can lead to excessive profiling, collection of sensitive personal data, or use of irrelevant personal details beyond what is necessary for meeting preparation.

Missing User Warnings

High
Confidence
96% confidence
Finding
Directing the skill to pull previous notes or CRM data without authorization, access-scope, or confidentiality checks creates a real risk of exposing sensitive internal records, customer data, or prior communications to the wrong context. Because CRM and meeting notes often contain proprietary, contractual, or personal information, misuse could result in internal data leakage and privacy violations.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal