DoctorClaw Meeting Prep

Security checks across malware telemetry and agentic risk

Overview

This is a transparent meeting-prep skill that can touch sensitive work context, but its access and delivery behavior is disclosed and aligned with its purpose.

Before installing, decide exactly which calendars, inboxes, CRM/contact stores, task systems, and note stores it may read. Keep auto-prep opt-in, use private delivery channels, set a short email lookback, and require confirmation before saving notes, creating tasks, or updating contacts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 90%
Finding
The skill enables automatic execution before meetings without defining explicit user consent boundaries, scope limits, or confirmation requirements. Because the workflow accesses calendar data and may also pull email, CRM, notes, and tasks, an auto-run trigger can cause repeated collection and compilation of sensitive personal and business information with little user awareness at execution time.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill description emphasizes convenience but does not prominently warn that it may access privacy-sensitive sources such as email threads, CRM notes, prior meeting notes, and task systems, then deliver compiled summaries to external channels like Telegram or Discord. This creates a real risk of unintended disclosure of confidential communications, customer data, deal information, and internal notes, especially when auto-run is enabled.

VirusTotal

64/64 vendors flagged this skill as clean.
