DoctorClaw Meeting Prep
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: doctorclaw-meeting-prep Version: 1.0.1 The skill bundle contains markdown instructions (SKILL.md) for an AI agent to automate meeting preparation by scanning calendars, emails, and CRM data. While the skill requires access to sensitive personal information to function, the instructions are transparent and aligned with the stated purpose. There is no evidence of data exfiltration to unauthorized third parties, malicious code execution, or prompt injection attempts. The metadata (_meta.json) contains a future-dated timestamp, which appears to be a non-malicious anomaly.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If granted broad permissions, the agent may read sensitive meeting schedules, attendee relationships, deal context, emails, and tasks.
The skill explicitly depends on delegated access to calendar data and optionally private email, CRM/contact, and task systems.
**Calendar access** ... **Email access** ... **Contact/CRM context** ... **Task system**
Grant the narrowest practical account scopes, choose specific calendars and data sources, and review provider OAuth/API permissions before use.
If enabled broadly, the agent could create tasks or update contact notes based on meeting summaries without a separate confirmation step.
The instructions include scheduled automatic operation and mutation of task/contact records as part of the workflow.
set it to auto-run 30 minutes before each event ... Create any follow-up tasks mentioned ... Updates contact notes.
Use on-demand mode or require confirmation for task creation, contact-note updates, and any external delivery until the workflow is trusted.
Sensitive notes or inaccurate summaries could be reused in later briefs unless memory storage and retention are managed.
The skill stores and later reuses meeting notes, making persistent memory part of future meeting-prep context.
Previous meeting notes pulled from memory ... Save meeting notes to memory for future prep briefs
Decide where notes are stored, avoid saving secrets or highly confidential details, and periodically review or delete stored meeting memory.
Private meeting context could be exposed to a shared chat, third-party service, or insecure file location if the delivery channel is misconfigured.
Prep briefs may contain calendar, email, CRM, and task context and can be delivered to external messaging or file destinations.
Delivery — where to send the brief (Telegram, Discord, file, or inline) ... Send the prep brief via configured channel
Choose private delivery targets, avoid public/shared channels for confidential meetings, and verify where briefs are stored or sent.