Back to skill
Skillv1.0.1
ClawScan security
Meeting Assistant · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 8, 2026, 12:00 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only meeting manager that reads/writes local meeting files and coordinates with other agent skills; its requirements and actions are consistent with its description.
- Guidance
- This skill is coherent with its stated meeting-management purpose, but before installing: (1) review and approve the AGENTS.md additions you paste in — they give the agent standing rules about meetings; (2) check and control which directory the agent can write to (meetings/) and back up any existing files there; (3) confirm you want the agent to scan meeting files automatically (heartbeat behavior) and consider disabling autonomous invocation if you prefer manual runs; (4) when enabling integrated chains (research-assistant, CRM, project-tracker), review those skills separately because they may request network access or credentials; (5) follow the explicit guidance to review follow-up email drafts before sending and never enable automatic sending unless you trust the automation fully.
- Findings
[no_findings] expected: The scanner found no code files or suspicious patterns. This is expected for an instruction-only skill; the SKILL.md itself is the runtime instruction surface and has been reviewed above.
Review Dimensions
- Purpose & Capability
- okName and description (meeting briefs, notes, action items, follow-ups) match the SKILL.md instructions which only operate on local meetings/ files and coordinate with other agent skills (project-tracker, crm, research-assistant). No unrelated credentials, binaries, or installs are requested.
- Instruction Scope
- noteInstructions direct the agent to create and update a meetings/ directory, initialize meeting-log.md and open-actions.md, scan meeting files for metrics and overdue items, draft follow-ups (explicitly marked as drafts), and chain to other agent skills for research. This file I/O and directory scanning are expected for a meeting assistant, but you should be aware the agent will read and write those local files and scan the meetings/ hierarchy if enabled.
- Install Mechanism
- okNo install spec and no code files — instruction-only. Nothing is downloaded or written to disk by an install process beyond the agent's normal file creation when following the instructions.
- Credentials
- okThe skill declares no environment variables, no credentials, and no config paths. References to integrations (CRM, project-tracker, research-assistant) are plausible but those integrations are external and not requested here — you should verify those other skills separately if you enable chains.
- Persistence & Privilege
- notealways:false (normal). The setup asks you to add standing instructions to AGENTS.md and to create meetings/ files, which makes the behavior persistent only if you follow those steps. The skill suggests heartbeat-like periodic checks; if you enable autonomous agent invocation or scheduled heartbeats elsewhere, the agent could routinely scan meetings/ and surface overdue items — review those settings before enabling autonomous runs.