McKinsey-Style Meeting Brief Copilot

Security checks across malware telemetry and agentic risk

Overview

This skill is a text-only meeting-prep helper with no hidden execution, but users should avoid pasting unnecessary sensitive business or personal details.

Reasonable to install as a meeting drafting aid. Before using it, redact secrets, credentials, regulated personal data, legal-privilege material, customer data, and nonessential internal details from notes or email threads, and review any generated follow-up before sending.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Medium
Confidence: 85%
Finding
The skill explicitly invites users to paste email threads, meeting notes, and stakeholder details, which commonly contain confidential business information, personal data, or privileged communications, but it provides no caution, minimization guidance, or sanitization instructions. In a meeting-prep context, this increases the likelihood that users will overshare sensitive material into the system without considering privacy, confidentiality, or data-handling implications.

Vague Triggers

Medium
Confidence: 93%
Finding
The example prompts are very broad meeting-assistance requests that closely resemble ordinary user intent, with no clear boundaries indicating when this specific skill should activate versus a general writing or summarization assistant. That can cause overbroad triggering or routing, leading the skill to process sensitive emails, notes, and relationship data in contexts the user may not have intended.

VirusTotal

66/66 vendors flagged this skill as clean.
