ClawHub

Meeting Notes Summarizer

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims, but users should know it sends the transcript they provide to Anthropic for summarization.

Install only if you are comfortable sending the transcript text you provide to Anthropic for processing. Avoid using it for confidential, regulated, HR, legal, customer, or internal strategy meetings unless your organization permits that use and the API account is governed appropriately.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The script reads potentially sensitive meeting transcripts from stdin and sends them, along with use of an API credential from the environment, to Anthropic's external API. This is a real data-exposure risk because transcripts may contain confidential business, HR, legal, or customer information, and the script provides no consent gate, data classification check, or minimization before transmission.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill requires an external API key (`ANTHROPIC_API_KEY`) and uses `curl`, which strongly implies meeting transcript content is transmitted to a third-party service. The description does not clearly disclose this data flow, so users may unknowingly send sensitive meeting notes, internal plans, or personal data off-device, creating privacy, compliance, and confidentiality risk.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script silently sends the full meeting transcript to a third-party service without any user-facing notice at execution time. In a skill context, users may reasonably expect local processing, so this lack of transparency increases the chance of accidental disclosure of sensitive internal information.

External Transmission

Medium
Category
Data Exfiltration
Content
print(json.dumps(prompt + transcript))
")

RESPONSE=$(curl -s https://api.anthropic.com/v1/messages \
  -H "content-type: application/json" \
  -H "x-api-key: $ANTHROPIC_API_KEY" \
  -H "anthropic-version: 2023-06-01" \
Confidence
93% confidence
Finding
curl -s https://api.anthropic.com/v1/messages \ -H "content-type: application/json" \ -H "x-api-key: $ANTHROPIC_API_KEY" \ -H "anthropic-version: 2023-06-01" \ -d

External Transmission

Medium
Category
Data Exfiltration
Content
print(json.dumps(prompt + transcript))
")

RESPONSE=$(curl -s https://api.anthropic.com/v1/messages \
  -H "content-type: application/json" \
  -H "x-api-key: $ANTHROPIC_API_KEY" \
  -H "anthropic-version: 2023-06-01" \
Confidence
93% confidence
Finding
https://api.anthropic.com/

VirusTotal

58/58 vendors flagged this skill as clean.

View on VirusTotal