Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Andara Meeting Minutes
v1.0.0 · Capture meeting summaries and action items from voice or text
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw verdict: Suspicious (high confidence)

Purpose & Capability
The skill's purpose (capturing meeting summaries and action items) may legitimately need a database. However, the SKILL.md expects a PostgreSQL connection (psql + $DATABASE_URL) even though the skill metadata declares no required environment variables or binaries. That mismatch is incoherent: a DB URL and psql are expected for the stated functionality but are not declared.
Instruction Scope
Instructions tell the agent to parse user messages and execute psql commands via bash with data interpolated into SQL. The examples show direct substitution of parsed text into SQL executed in a shell, which is vulnerable to SQL injection and could leak arbitrary message contents to any database the agent can reach. The instructions do not specify input sanitization, parameterized queries, or limits on what is stored.
Install Mechanism
There is no install spec (instruction-only), which lowers install risk, but the runtime depends on the psql client being present and a reachable PostgreSQL endpoint. The metadata did not declare psql as a required binary or provide an install path, creating an operational and security blind spot.
Credentials
The SKILL.md relies on $DATABASE_URL (a credential/connection string) but the skill declares no required environment variables or primary credential. Requesting access to a database connection is proportionate for storing meetings, but the omission in metadata is a mismatch and a red flag—users would not be prompted to provide or review the DB credential beforehand.
Persistence & Privilege
The 'always' flag is false and the skill is user-invocable; it does not request permanent 'always' presence or other elevated platform privileges. Autonomous invocation is allowed (platform default) but is not in itself unusual.
What to consider before installing
Before installing or enabling this skill, ask the developer to:
1) explicitly declare required binaries and environment variables (psql and DATABASE_URL) in the metadata;
2) provide a safer insertion method (use parameterized queries or a DB client library rather than constructing SQL inside bash) to eliminate SQL injection risk;
3) explain what data is stored and for how long, and ensure the DB uses least-privilege credentials (an insert-only, limited-scope role on a non-production/test DB first);
4) confirm the psql binary requirement and network access rules (which hosts/ports the skill will connect to); and
5) consider alternative designs that don't require direct DB credentials in the agent (e.g., a backend service or sanitized API).
If the developer cannot supply these clarifications, treat the skill as unsafe to enable with access to any production database or sensitive meeting content.
latest: vk973wd5gg67gkgtazj4mxgz3k5835h6n
