Security audit

Google Meet

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Google Meet connector skill, but users should treat access to meeting transcripts, recordings, and attendance data, and the ability to end live calls, as sensitive actions.

Install only if you trust AgentPMT with your Google Meet access. Use least-privilege account setup, avoid putting secrets in prompts or logs, confirm the exact meeting before ending a live call, and access recordings, transcripts, and attendance data only when you are authorized to do so.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 88%
Finding
The manifest description emphasizes meeting-space management but omits that the skill can expose recordings, transcripts, speaker-attributed entries, participant identities, and attendance history. That understatement can cause downstream agents or users to invoke the skill without appreciating its surveillance and sensitive-data reach, increasing the chance of overbroad or non-consensual data access.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill documents retrieval of recordings, transcripts, participant identities, and attendance data but provides no explicit privacy, consent, or authorized-use warning. Because these are highly sensitive collaboration artifacts, the lack of guardrails makes misuse more likely in contexts involving employee monitoring, confidential meetings, or unauthorized review of communications.

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill exposes an `end_conference` action that can terminate a live meeting, but the documentation does not clearly warn that this is a destructive operation affecting active participants. Without a caution or confirmation pattern, an agent could invoke it inadvertently or prematurely, causing service disruption and possible business impact.

VirusTotal

63/63 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.