Security audit

Meeting Transcriber

Security checks across malware telemetry and agentic risk

Overview

This skill is a local meeting transcriber that mostly matches its stated purpose, but users should understand it records audio, stores transcripts, and has a setup helper that writes local configuration and support files.

Install only if you trust the local Windows/Conda setup and the external D:\dev\python\voiceFunAsr transcription script it runs. Before recording, get consent from meeting participants, and remember that transcripts may be saved locally and printed into the OpenClaw/terminal output. If you run conda_setup.py, expect it to create ~/.openclaw configuration and local helper files, and review any changes it makes to skill files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
            "python_path": python_path,
            "env_path": env_info.get('audioProject_path'),
            "conda_version": env_info.get('conda_version'),
            "detected_at": subprocess.run(
                'date /T && time /T',
                shell=True,
                capture_output=True,
Confidence
92% confidence
Finding
"detected_at": subprocess.run( 'date /T && time /T', shell=True, capture_output=True, text=True ).stdout.strip()

Intent-Code Divergence

High
Confidence
98% confidence
Finding
The script presents itself as Conda configuration, but it also modifies `SKILL.md`, writes a startup batch file, and injects code into `meeting_minutes.py`. That mismatch between stated purpose and actual behavior is risky because it performs persistent code changes to the skill implementation, increasing the chance of unauthorized functionality changes or hidden backdoor-like persistence.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill performs live microphone capture and stores meeting transcripts to disk, but the description does not present a clear, explicit privacy warning or consent notice near the primary functionality. This creates a real privacy and compliance risk because users or bystanders may be recorded and sensitive meeting content may be retained locally without informed awareness.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
This portion rewrites `SKILL.md` and later modifies the main skill script without obtaining prior, specific consent for those file edits. Silent source rewriting is dangerous in a skill context because it creates persistent changes that may alter execution behavior, obscure provenance, and make later review difficult.

Missing User Warnings

Low
Confidence
90% confidence
Finding
The script writes a configuration file under the user's home directory containing environment paths and project details without clearly disclosing that persistence before creation. While the contents are not highly sensitive secrets, unexpected persistence of local path metadata can still leak workstation structure and violates least surprise.

Ssd 3

Medium
Confidence
95% confidence
Finding
The record-listing function reads transcript files and prints preview content directly to stdout without any sensitivity classification, confirmation, or redaction. Meeting transcripts commonly contain confidential business discussions, credentials, personal data, or regulated information, so even a preview creates an unintended disclosure channel.

Ssd 3

High
Confidence
99% confidence
Finding
The latest-note viewer prints the full meeting transcript to stdout before asking whether to open the file externally. This creates a clear data exposure path through logs, terminal history, or agent output channels, which is especially dangerous because meeting notes are likely to contain sensitive internal information.

VirusTotal

59/59 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.