Skill Vexa

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill matches its meeting-bot purpose, but it ships hardcoded Vexa API keys and sets up webhook-driven agent actions that can persist meeting data, so it needs review before use.

Do not use this package as-is. Ask the publisher to remove and rotate the bundled API keys, declare the Vexa credential and webhook requirements, and add authenticated webhook validation. If you must test it, delete skills/vexa/secrets first, set your own VEXA_API_KEY, verify the endpoint, and avoid exposing the webhook until it is authenticated.

Static analysis

Dangerous exec

Critical

Finding: Shell command execution detected (child_process).

Dangerous exec

Critical

Finding: Shell command execution detected (child_process).

Env credential access

Critical

Finding: Environment variable access combined with network send.

Env credential access

Critical

Finding: Environment variable access combined with network send.

Env credential access

Critical

Finding: Environment variable access combined with network send.

Env credential access

Critical

Finding: Environment variable access combined with network send.

Exposed secret literal

Critical

Finding: File appears to expose a hardcoded API secret or token.

Exposed secret literal

Critical

Finding: File appears to expose a hardcoded API secret or token.

Exposed secret literal

Critical

Finding: File appears to expose a hardcoded API secret or token.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

#ASI03: Identity and Privilege Abuse

Critical

What this means

Meeting links, bot sessions, transcripts, webhook settings, and reports could be associated with an unknown bundled Vexa account, exposing meeting data to whoever controls that credential.

Why it was flagged

A production Vexa API key is packaged with the skill; the scripts auto-load secret env files, so a user may unknowingly operate under a bundled/shared credential rather than their own account.

Skill content

VEXA_API_KEY=X8CuD3cGmajw...811L8H8

Recommendation

Remove all bundled secret files, rotate/revoke the exposed Vexa keys, require the user to provide their own key, and declare the credential requirement in metadata.

#ASI04: Agentic Supply Chain Vulnerabilities

High

What this means

The published package contains sensitive local configuration and credentials, making the package provenance and account boundary unsafe to trust.

Why it was flagged

The provided file manifest and file contents include secrets/vexa.env, secrets/vexa-prod.env, and secrets/vexa-local.env despite the skill's own instruction to exclude that directory.

Skill content

When publishing the skill to ClawHub, ensure `secrets/` is excluded.

Recommendation

Publish a clean package without secrets/, add automated secret scanning before release, and rotate any credentials that were included.

#ASI09: Human-Agent Trust Exploitation

Medium

What this means

Users may install or run the skill without realizing it needs account credentials and sends meeting data through a Vexa API endpoint.

Why it was flagged

This conflicts with SKILL.md's `VEXA_API_KEY` requirement and the code's credential loading, under-disclosing the skill's cloud account access needs.

Skill content

Required env vars: none ... Primary credential: none

Recommendation

Update metadata to declare VEXA_API_KEY, the Vexa API endpoint, webhook capability, and meeting transcript/report data handling.

#ASI02: Tool Misuse and Exploitation

High

What this means

If a spoofed or malformed webhook reaches the hook, it could cause the agent to run an unintended command or operate on an unintended meeting.

Why it was flagged

Webhook-controlled strings are interpolated into a command presented to the agent without visible validation or quoting.

Skill content

const reportCmd = `node skills/vexa/scripts/vexa.mjs report --platform ${platform} --native_meeting_id ${nativeMeetingId}`;

Recommendation

Authenticate webhooks, validate platform and meeting IDs against strict allowlists, pass structured arguments instead of command text, and require approval before executing webhook-derived commands.

#ASI07: Insecure Inter-Agent Communication

High

What this means

A reachable hook endpoint may allow external requests to trigger agent work, fetch meeting data, and create reports if the gateway accepts the request.

Why it was flagged

The documented public webhook mapping wakes the agent immediately, but the setup text does not document a Vexa signature, shared secret, or other origin verification.

Skill content

"action": "agent", "wakeMode": "now", "match": { "path": "vexa" }

Recommendation

Require signed webhooks or a secret token, document the authentication path clearly, and reject unauthenticated or unexpected payloads before they reach the agent.

#ASI06: Memory and Context Poisoning

Medium

What this means

Incorrect or malicious meeting/webhook content could be stored as trusted memory and influence later agent behavior.

Why it was flagged

External webhook and meeting content is inserted into agent context and can lead to persistent memory/entity updates.

Skill content

Update/create entity files under memory/entities/ ... Raw payload (for reference): ${JSON.stringify(p, null, 2)}

Recommendation

Treat webhook payloads and transcripts as untrusted data, require user approval before updating persistent memory/entities, and record provenance for generated notes.