Meeting Agenda
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: meeting-agenda Version: 2.0.0 The skill bundle provides templates and a basic CLI tool for managing meeting agendas and tasks. The scripts (agenda.sh and script.sh) perform local file operations for logging and display meeting-related prompts to the AI agent without any evidence of data exfiltration, malicious execution, or prompt injection attacks.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user expecting only agenda templates could also receive or run an unrelated local task-management tool.
This included script implements task-management commands, while the main SKILL.md documents meeting-agenda commands such as create, standup, retro, oneonone, decision, and minutes. The mismatch creates ambiguity about what code a user or agent would actually run.
Productivity and task management tool Commands: add list done priority today week remind stats clear export
Clarify the intended entrypoint, remove unused scripts, or document all included commands and why they are needed for meeting agendas.
Private meeting notes, action items, or task text entered into this script may remain on disk after the session.
The script stores user-supplied items and command history in persistent local files. This is not mentioned in the main skill instructions or registry requirements.
DATA_DIR="${MEETING_AGENDA_DIR:-${XDG_DATA_HOME:-$HOME/.local/share}/meeting-agenda}"
DB="$DATA_DIR/data.log"
mkdir -p "$DATA_DIR"
...
cmd_add() {
echo "$(date +%Y-%m-%d) $*" >> "$DB"Make storage opt-in or clearly disclose it, document the storage location, provide a real cleanup/delete command, and ask before saving sensitive meeting content.