Security audit

Meeting Assistant

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only meeting workflow that stores notes locally, with privacy-sensitive optional patterns users should handle carefully.

Install only if you are comfortable keeping meeting notes and action items in local workspace files. Review AGENTS.md and any HEARTBEAT.md additions before enabling them, keep sensitive meetings out of content-generation workflows unless sanitized, and manually review all follow-up drafts or investor/newsletter outputs before sharing.

SkillSpector

By NVIDIA

Vulnerability Patterns

  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (3)

Missing User Warnings

Medium
Confidence: 91%
Finding
This pattern encourages ingesting and filing Slack threads, email exchanges, and voice memos as meeting records without any guardrails around consent, confidentiality, or minimization. That creates a real privacy and data-handling risk because third-party communications may contain sensitive or regulated information that gets persisted into long-lived notes and downstream action tracking.

Missing User Warnings

Medium
Confidence: 89%
Finding
The investor update pack aggregates business snapshot, financial, goal, and meeting data into a single artifact, which increases the sensitivity and blast radius of any disclosure. Without warnings or access-control guidance, the skill may normalize compiling confidential company information into shareable documents that could be exposed to the wrong audience or generated in an insecure context.

Missing User Warnings

Medium
Confidence: 95%
Finding
Repurposing recent meeting content into newsletter ideas is dangerous because it converts private internal or client conversations into outward-facing content without any confidentiality, consent, or anonymization checks. In this skill context, meetings are likely to contain sensitive commercial, client, personnel, or strategic information, so this pattern materially raises the risk of accidental disclosure.

VirusTotal

66/66 vendors flagged this skill as clean.