Meeting Memory

Security checks across malware telemetry and agentic risk

Overview

This skill is an instruction-only meeting-memory integration that clearly sends user-provided meeting content to BlueColumn for persistent recall, with privacy cautions users should consider.

Install only if you are comfortable sending meeting recordings, transcripts, notes, and action items to BlueColumn for persistent searchable storage. Use a revocable API key, keep it private, and check BlueColumn's privacy, retention, deletion, and meeting-consent requirements before storing confidential, regulated, or third-party meeting content.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill instructs the agent to send meeting audio, transcripts, and notes to an external BlueColumn/Supabase backend, but it does not require explicit user consent or provide a clear privacy warning at the point of transmission. Because meeting content commonly contains sensitive business or personal information, silent third-party transmission creates a real privacy and data-handling risk even if the service is legitimate.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal