Meeting Autopilot
Security checks across static analysis, malware telemetry, and agentic risk
Overview
Meeting Autopilot is purpose-aligned but asks the agent to automatically read broad calendar, email, document, and meeting-history data and store it for reuse without clear limits.
Before installing, decide exactly which calendars, mailboxes, documents, and meetings this skill may access. Avoid using it for confidential, legal, medical, HR, or regulated meetings unless you have clear memory-retention and deletion controls, and always review follow-up drafts before sending.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could pull in private business or personal communications beyond what you intended for a particular meeting.
The skill asks the agent to inspect sensitive communications and documents for attendees, but the artifact does not bound which accounts, mailboxes, conversations, or document repositories may be used.
Recent email threads or conversations with each attendee ... Relevant documents or emails related to the meeting topic
Use only with explicitly selected accounts and data sources, and require the agent to ask before using emails, documents, or attendee history for sensitive meetings.
Confidential meeting details, commitments, or incorrect notes may persist and later influence future briefs or follow-ups.
The skill explicitly persists meeting summaries for future automatic reuse, but does not specify retention limits, deletion controls, what is stored, or how inaccurate or sensitive entries can be corrected.
Stored in your agent's memory for future meeting prep ... Used automatically in future meeting briefs
Confirm where memory is stored, how to review and delete entries, and disable automatic reuse for confidential or regulated meetings.
The agent may process meetings and create trackers or briefs for events you did not intend it to monitor.
The skill describes recurring automatic activity across all calendar events and meeting follow-up workflows, without clear opt-in, exclusion lists, or stopping conditions.
automatically 30 minutes before any calendar event ... Automatic after every meeting ... Every Friday
Require explicit enablement per calendar or meeting category, and add controls to pause automation, exclude private events, and review tracked items.
A mistaken draft could still be sent if you approve it without careful review.
The skill contemplates sending meeting follow-up emails, which can affect other people, but it does disclose a user-approval requirement before sending.
Always shown to you for approval before sending ... Never sent without your explicit confirmation
Review recipients, tone, confidential content, and action-item accuracy before approving any outbound email.