Skill Vexa
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: vexa
Version: 0.1.3
The Vexa skill bundle is a legitimate integration for managing meeting bots on platforms like Zoom, Google Meet, and Microsoft Teams. The code provides functional CLI tools (vexa.mjs, ingest.mjs, onboard.mjs) for starting bots, retrieving transcripts, and generating meeting reports. Security best practices are implemented, including the use of 'chmod 600' for local secret files, mandatory confirmation flags for destructive 'DELETE' operations, and explicit instructions in SKILL.md and onboarding-flow.md directing the AI agent never to ask users for API keys in chat. No evidence of data exfiltration, malicious execution, or harmful prompt injection was found.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A reachable webhook endpoint could cause agent activity whenever it receives a matching request, and the artifacts do not show a clear origin-authentication boundary.
The documented setup exposes a public webhook that immediately wakes an agent. The provided mapping does not show a signature, shared token, or sender-authentication requirement.
"action": "agent", "wakeMode": "now" ... "The webhook cannot be set without a public URL"
Enable the webhook only behind strong authentication or signed webhook verification, and keep manual report creation as the safer default unless the hook is protected.
A crafted webhook payload could influence what the agent does during an automatic report workflow.
Webhook-controlled payload content is inserted directly into the message returned to the agent. If payload fields contain instructions, they may be interpreted as task context rather than untrusted data.
Raw payload (for reference):
${JSON.stringify(p, null, 2)}
Do not include raw webhook payloads in agent prompts. Extract only validated fields, label them as untrusted data, and ignore any instruction-like content from webhook bodies.
Malformed or malicious webhook fields could lead the agent to run a command for the wrong meeting or with unexpected arguments.
The command text is assembled from webhook-derived platform and meeting ID values without visible validation or quoting before being sent as an agent instruction.
const reportCmd = `node skills/vexa/scripts/vexa.mjs report --platform ${platform} --native_meeting_id ${nativeMeetingId}`; ... `1. Run: ${reportCmd}`
Validate platform against an allowlist, validate meeting IDs with strict regexes, and pass structured arguments instead of generating a shell-style command from webhook data.
Untrusted or incorrect webhook content could be turned into persistent memory that affects later agent behavior.
The automatic webhook task asks the agent to update persistent memory/entity files while also supplying raw webhook content as context.
3. Update/create entity files under memory/entities/ ... Raw payload (for reference):
Require human review before updating memory/entities from webhook-triggered reports, and store webhook-created notes with provenance and limited trust.
Anyone with the configured key may be able to use the Vexa account to manage bots and access meeting transcripts.
The skill needs a Vexa API key to start bots and retrieve transcripts, and it gives some secure handling guidance. This is purpose-aligned but grants access to sensitive meeting data.
Required: `VEXA_API_KEY` ... Do not ask users to paste API keys in chat.
Use a least-privilege Vexa key if available, keep it out of chat, rotate it if exposed, and ensure meeting participants consent to transcription/recording.
Using the skill runs local Node scripts from the skill package.
The CLI runs bundled helper scripts through Node. This is expected for the skill's local CLI workflow and does not itself show arbitrary shell execution.
spawnSync(process.execPath, [onboardScript, ...forwardOnboardingArgs(args)], { stdio: "inherit", env: process.env })
Review script changes before updating the skill, and avoid running webhook-generated commands without validation.
