Firefly AI
Advisory
Audited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone or any agent process with this API key can retrieve meeting information available to that Fireflies.ai account, including potentially sensitive transcripts and summaries.
The script requires a Fireflies.ai API key and uses it as a bearer token to access the user's Fireflies account data.
const API_KEY = process.env.FIREFLY_API_KEY; ... 'Authorization': `Bearer ${API_KEY}`
Use a dedicated or least-privileged Fireflies API key if available, keep it only in trusted environment configuration, and revoke it when no longer needed.
Custom queries could expose more meeting metadata than the user intended, such as participant details or media links, though this remains aligned with the Fireflies.ai integration purpose.
The skill supports a raw GraphQL path in addition to the safer predefined list, transcript, summary, and search commands, which can retrieve broader meeting fields if used.
Build GraphQL queries directly against `https://api.fireflies.ai/graphql`. See `references/api.md` for full schema and available fields.
Prefer the predefined commands when possible, request only the fields needed, and confirm before retrieving or saving full transcripts or expanded attendee/media details.
