Firefly AI

Pass

Audited by ClawScan on May 1, 2026.

Overview

This appears to be a straightforward Fireflies.ai meeting-data integration, but it uses an API key and can retrieve sensitive transcripts and participant details.

Install only if you are comfortable letting the agent use a Fireflies.ai API key to read meeting transcripts, summaries, and participant information. Keep the key secure, avoid unnecessary custom GraphQL queries, and review transcript outputs before saving or sharing them.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Anyone or any agent process with this API key can retrieve meeting information available to that Fireflies.ai account, including potentially sensitive transcripts and summaries.

Why it was flagged

The script requires a Fireflies.ai API key and uses it as a bearer token to access the user's Fireflies account data.

Skill content

const API_KEY = process.env.FIREFLY_API_KEY; ... 'Authorization': `Bearer ${API_KEY}`

Recommendation

Use a dedicated or least-privileged Fireflies API key if available, keep it only in trusted environment configuration, and revoke it when no longer needed.

What this means

Custom queries could expose more meeting metadata than the user intended, such as participant details or media links, though this remains aligned with the Fireflies.ai integration purpose.

Why it was flagged

The skill supports a raw GraphQL path in addition to the safer predefined list, transcript, summary, and search commands, which can retrieve broader meeting fields if used.

Skill content

Build GraphQL queries directly against `https://api.fireflies.ai/graphql`. See `references/api.md` for full schema and available fields.

Recommendation

Prefer the predefined commands when possible, request only the fields needed, and confirm before retrieving or saving full transcripts or expanded attendee/media details.