ClawHub

Meeting Intelligence

Security checks across malware telemetry and agentic risk

Overview

This is a simple meeting-notes helper that processes user-provided transcripts and does not install code, request credentials, or perform hidden actions.

Safe to install as a meeting productivity skill, but review what you paste into it. Redact secrets and sensitive personal, legal, HR, client, or regulated information unless you are authorized to process it, and review drafted follow-up emails before sending.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
This skill is explicitly designed to process meeting transcripts and notes, which commonly contain sensitive business strategy, customer data, employee discussions, and personal information, yet it provides no privacy warning or handling guidance. In this context, the omission increases the chance that users will paste confidential content without redaction or consent checks, leading to unintended disclosure or improper processing.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger list includes very broad workplace phrases such as meeting notes, action items, and what was decided, which can match ordinary user requests in many contexts. Overbroad invocation can cause the skill to activate unexpectedly on sensitive enterprise conversations or documents, increasing exposure of confidential content to unintended processing paths.

Vague Triggers

Low
Confidence
87% confidence
Finding
The trigger conditions are defined as broad task categories without clear boundaries, opt-in requirements, or exclusions. In a workplace assistant context, this can lead to accidental activation on unrelated but sensitive communications, though the content itself is not overtly harmful and the main risk is unintended scope expansion.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal