Meeting Prep Agent

Security checks across malware telemetry and agentic risk

Overview

This meeting-prep skill has a legitimate purpose, but its auto-prep script can wipe its own persistent history and its privacy controls are weaker than the documentation implies.

Review before installing. Use on-demand dry-run mode first, and do not schedule auto-prep with cron until the history-file overwrite/reset behavior is fixed. Treat ~/.config/meeting-prep as a sensitive local cache, restrict who can read it, and manually delete old briefs/history because the advertised expiry and redaction settings are not implemented.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Intent-Code Divergence

Medium
Confidence: 96%
Finding
The script claims to use mock calendar data as a placeholder, but it also unconditionally writes to the real persistent history file under the user's config directory. That means a test or placeholder code path can corrupt production state, causing incorrect meeting-prep behavior and loss of historical tracking.

Intent-Code Divergence

High
Confidence: 99%
Finding
Despite the comment saying cleanup would not happen in a real run, the code always deletes and recreates the persistent history file. This destroys prior state every execution, defeating duplicate-prep protection and potentially causing repeated processing or loss of audit/history data.

Vague Triggers

Medium
Confidence: 78%
Finding
The skill advertises broad automatic triggering before calendar events without tightly scoped eligibility, confirmation, or least-privilege boundaries. In a calendar-integrated context, that can cause unintended processing of meeting metadata and attendee information, including sensitive internal or personal events, increasing privacy and data-handling risk.

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill description encourages researching attendees using external sources but does not prominently warn users that attendee identities, emails, company names, and calendar context may be sent to third-party services. That omission is dangerous because users may enable the workflow without informed consent, creating privacy, compliance, and confidentiality exposure.

Missing User Warnings

Medium
Confidence: 92%
Finding
The script persistently writes generated meeting briefs and a lookup history to user-controlled files under the config directory without any explicit notice, confirmation, or consent at write time. Because the skill automatically researches attendees and compiles personal/professional context, these files can accumulate sensitive meeting intelligence on disk where they may later be exposed to other local users, backups, sync tools, or compromise of the endpoint.

VirusTotal

66/66 vendors flagged this skill as clean.
