ClawHub

Firefly AI

v1.0.0

Fetch meeting transcripts, summaries, and action items from Firefly AI (fireflies.ai). Use when the user asks about meetings, transcripts, meeting notes, act...

0· 621·0 current·0 all-time
by@codes71
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The code and SKILL.md implement a Fireflies.ai GraphQL client (list, transcript, summary, search) and require an API key — this matches the skill description. However, registry metadata lists no required env vars or binaries while both SKILL.md and the script require FIREFLY_API_KEY and Node.js respectively (inconsistency).
Instruction Scope
Runtime instructions are scoped to calling https://api.fireflies.ai/graphql with an Authorization: Bearer <API_KEY> header and presenting results. The SKILL.md suggests saving large transcripts to the workspace if the user requests that, but the included script itself prints to stdout and does not autonomously write files or send data to any other endpoint.
Install Mechanism
There is no install spec (instruction-only) and the script is included in the package — low installation risk. One metadata omission: the registry does not declare Node.js as a required binary even though the SKILL.md and script require running with node.
!
Credentials
The skill legitimately needs a single credential (FIREFLY_API_KEY) to call Fireflies.ai. However, the registry metadata lists no required environment variables and no primary credential, so the manifest underreports the sensitive access this skill needs. Confirm the gateway will store the API key securely and that the key scope is limited.
Persistence & Privilege
The skill does not request always:true, does not modify other skills or system settings, and does not persist credentials itself. Autonomous invocation is allowed (platform default) but is not combined here with other elevated privileges.
Assessment
This skill appears to be a straightforward Fireflies.ai client, but the package metadata omits two important runtime requirements: FIREFLY_API_KEY (required by the script) and Node.js (to run scripts/firefly.cjs). Before installing: 1) Verify the skill source/publisher (homepage is missing). 2) Only provide a Fireflies API key you trust the skill with — prefer a scoped or read-only key if Fireflies supports that. 3) Understand that transcripts may contain sensitive personal or company data; if you run the script or save outputs to the workspace, treat those files as sensitive. 4) Consider reviewing the included script locally (it is small and readable) or running it in a restricted environment. 5) Ask the publisher to correct the registry metadata so required env vars and runtime dependencies are declared.

Like a lobster shell, security has layers — review code before you run it.

firefliesvk97dv6cws9vsb57f3zznvbxba5819qctlatestvk97dv6cws9vsb57f3zznvbxba5819qctmeetingsvk97dv6cws9vsb57f3zznvbxba5819qctproductivityvk97dv6cws9vsb57f3zznvbxba5819qcttranscriptsvk97dv6cws9vsb57f3zznvbxba5819qct

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments