Granola Meeting Notes (MCP)

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it connects an agent to Granola meeting notes and transcripts and refreshes Granola OAuth tokens. The access it needs is sensitive, but it is disclosed.

Install only if you want your agent to access Granola meeting notes and transcripts in this workspace. Keep the OAuth and mcporter config files private (they hold bearer tokens), verify that the token endpoint is Granola's official HTTPS endpoint before the first refresh, and enable periodic token refresh only if you are comfortable with background access renewal.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill invokes shell commands (`bash`, `curl`) and writes to local config files that contain OAuth bearer tokens, but it declares no permissions or guardrails for shell execution or file writes. In a meeting-notes context this is a real risk: a stored token can be overwritten or exposed, or an unintended command path executed, and because auth refresh is part of normal operation rather than an exceptional action, the behavior will not stand out when it happens.
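The overview advises keeping the OAuth and mcporter config files private and verifying the token endpoint; the finding above notes that those files hold bearer tokens and are rewritten on refresh. The following audit script is an added example, not code from the Granola skill, mcporter, or SkillSpector. It assumes a JSON config with `token_endpoint`, `access_token`, and `auto_refresh` keys, and it takes the expected endpoint host as a parameter because the real Granola host is not stated on this page; the sample configs it audits are constructed for the demo.

```python
"""Audit a local OAuth/MCP config file for the three conditions named on the page:
owner-only file permissions, an HTTPS token endpoint on the expected host, and
whether background token refresh is switched on.

Added example; the config key names and the expected host are assumptions.
"""
import json
import os
import stat
import tempfile
from urllib.parse import urlparse


def check_file_private(path: str) -> list[str]:
    """Flag the file if group or others can read or write it (anything beyond 0600)."""
    mode = os.stat(path).st_mode
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        return [f"{path}: mode {stat.filemode(mode)} is not owner-only (expected 0600)"]
    return []


def check_token_endpoint(url: str, expected_host: str) -> list[str]:
    """Require HTTPS, an exact host match, and no credentials embedded in the URL."""
    problems = []
    parsed = urlparse(url)
    if parsed.scheme != "https":
        problems.append(f"token endpoint {url!r} is not HTTPS")
    host = (parsed.hostname or "").lower()
    if host != expected_host.lower():
        problems.append(f"token endpoint host {host!r} is not the expected {expected_host!r}")
    if parsed.username or parsed.password:
        problems.append("token endpoint URL embeds credentials")
    return problems


def audit_config(path: str, expected_host: str) -> list[str]:
    """Return a list of problems; an empty list means the config passed every check."""
    problems = check_file_private(path)
    with open(path, encoding="utf-8") as f:
        cfg = json.load(f)
    endpoint = cfg.get("token_endpoint")
    if not endpoint:
        problems.append("config has no token_endpoint")
    else:
        problems.extend(check_token_endpoint(endpoint, expected_host))
    # Background refresh is not a bug, but the overview says to opt in knowingly,
    # so surface it rather than silently accepting it.
    if cfg.get("auto_refresh") is True:
        problems.append("auto_refresh is enabled: tokens will be renewed in the background without a prompt")
    return problems


def demo() -> dict[str, list[str]]:
    """Audit two constructed configs: a weak one and its corrected counterpart."""
    expected_host = "auth.example.test"  # assumed; substitute the real endpoint host
    weak = {
        "token_endpoint": "http://tokens.example-other.test/oauth/token",  # wrong scheme and host
        "access_token": "constructed-token-value",
        "auto_refresh": True,
    }
    good = {
        "token_endpoint": f"https://{expected_host}/oauth/token",
        "access_token": "constructed-token-value",
        "auto_refresh": False,
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, cfg, mode in (("weak", weak, 0o644), ("good", good, 0o600)):
            path = os.path.join(tmp, f"{name}.json")
            with open(path, "w", encoding="utf-8") as f:
                json.dump(cfg, f)
            os.chmod(path, mode)  # weak config is left world-readable on purpose
            results[name] = audit_config(path, expected_host)
    return results


if __name__ == "__main__":
    for name, problems in demo().items():
        print(f"{name}: {'OK' if not problems else ''}")
        for p in problems:
            print(f"  - {p}")
```

Run it against a real config by calling `audit_config(path, host)` with the host of the endpoint Granola documents; the weak sample trips all four checks (world-readable file, plain HTTP, host mismatch, background refresh on) and the corrected one trips none.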

Vague Triggers

Medium
Confidence
89% confidence
Finding
The activation description is broad enough to fire on many general questions about meetings, decisions, or action items, so the agent may read sensitive meeting data when the user never clearly meant to query Granola. Because the skill can retrieve full notes and transcripts, overbroad invocation raises the privacy and data-minimization risk.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill is designed to retrieve verbatim transcripts and meeting notes, which often contain personal, business, or otherwise confidential information, yet the documentation gives no user-facing privacy warning and sets no consent boundary. Without that guidance, accidental overexposure is more likely, especially in combination with the broad activation language noted above.

VirusTotal

65/65 vendors flagged this skill as clean.
