ClawHub

Fireflies

v1.0.1

Access Fireflies.ai meeting transcripts, summaries, action items, and analytics via GraphQL API

4· 2k·8 current·8 all-time
by@daniil-ctrl
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description match the runtime instructions: SKILL.md shows GraphQL calls to https://api.fireflies.ai/graphql and skill.json declares FIREFLIES_API_KEY and required binaries (curl, jq). The requested items are appropriate for querying Fireflies transcripts and analytics.
Instruction Scope
SKILL.md contains explicit curl examples and GraphQL queries limited to Fireflies data (transcripts, summaries, contacts, active meetings). It does not instruct reading unrelated files, accessing other env vars, or sending data to non-Fireflies endpoints.
Install Mechanism
No install spec or code files are included — this is instruction-only. That minimizes on-disk risk. skill.json lists required binaries (curl, jq) which are reasonable for the provided examples.
Credentials
Only a single credential (FIREFLIES_API_KEY) is required and is directly used as a Bearer token in the Authorization header. This is proportionate to the described functionality. Note: registry summary at the top of the package report incorrectly listed 'required env vars: none' — the included files do require FIREFLIES_API_KEY.
Persistence & Privilege
The skill does not request persistent/always-on presence, does not modify other skills or system settings, and has no config path requirements. Autonomous invocation is allowed by platform default (not a red flag here).
Assessment
This skill appears to be what it claims: a collection of curl/jq examples that call Fireflies' official GraphQL API and requires a single FIREFLIES_API_KEY. Before installing, confirm you trust the skill author and are comfortable granting access to your Fireflies account (transcripts can contain sensitive conversation content). Use a least-privilege/read-only API key if Fireflies supports scopes, and be prepared to revoke the key if you stop using the skill. Note the package metadata included in the bundle (skill.json) requires curl and jq and a FIREFLIES_API_KEY; the registry summary at the top of the report incorrectly omitted those requirements. Finally, because this is instruction-only (no code/install), the main risk is data access via the API key — treat the key like any other secret.

Like a lobster shell, security has layers — review code before you run it.

latestvk97dm4jkgmbckcn3qmq0sypb8s814h2s

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments