ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Cms Meeting Monitor

v1.0.2

从 CMS AI慧记 拉取会议内容,支持字幕模式和静默模式两种监控方式。字幕模式实时推送新片段;静默模式后台拉取,有新内容时通知。不做 AI 分析——分析由主 Agent 调用 LLM 处理。

0· 13·0 current·0 all-time
by@evan-zhang
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (pull meeting content from 'CMS AI慧记' and notify in two modes) align with the scripts: monitor.py pulls fragments/transcript files and notifier.py builds notifications. The skill legitimately needs an API key (XG_BIZ_API_KEY) and access to local materials; however the registry metadata presented to you earlier lists no required env vars or dependencies — that is inconsistent with the SKILL.md and code which do require XG_BIZ_API_KEY and depend on the cms-meeting-materials skill.
Instruction Scope
SKILL.md instructs the agent to run monitor and notifier exec tools and to operate on local state and materials under ~/.openclaw or CMS_MEETING_* roots. The scripts read/write state.json, fragments.ndjson, transcript.txt and call an external script (trigger-pull.py) to perform the pull. They do not themselves make network calls in the provided code; notification sending is left to the host agent tooling. The scope is appropriate for a monitor, but the scripts invoke other skill scripts via filesystem paths which expands the trust boundary (see environment_proportionality).
Install Mechanism
There is no installer; the skill is instruction/code-only. That is low risk from an install-download perspective. However, it includes executable Python scripts that will be run by the agent, so review of the code is required before use (which we performed).
!
Credentials
The code and SKILL.md require XG_BIZ_API_KEY (AI慧记 API key) and reference optional env vars (CMS_MEETING_MONITOR_ROOT, CMS_MEETING_MATERIALS_ROOT, OPENCLAW_GATEWAY). The registry metadata shown above stated 'Required env vars: none' — this mismatch is concerning. Additionally, monitor.py invokes scripts from a sibling 'cms-meeting-materials' location using a relative filesystem path; that dependency is not declared in registry metadata and could cause unexpected behavior if the referenced script is missing or replaced. No unrelated or high-privilege credentials (AWS, DB passwords) are requested, so the requested secrets are proportional to purpose — but the undeclared dependency and metadata mismatch reduce trust.
Persistence & Privilege
The skill does not request 'always: true' and does not modify other skills' configs. It writes state files under ~/.openclaw (or other configured root) which is expected for a monitoring skill. Autonomous invocation is permitted (platform default) but not excessive here.
What to consider before installing
What to check before installing: - Confirm the API key requirement: SKILL.md and the Python scripts require XG_BIZ_API_KEY. The registry metadata you saw earlier omitted that — verify the publisher expects you to provide this key and understand where it is stored. - Verify and install the cms-meeting-materials dependency: monitor.py calls a trigger-pull.py in a 'cms-meeting-materials' sibling path. Ensure that dependency is present, legitimate, and reviewed (inspect its trigger-pull.py and stop-pull.py). If the dependency is missing the skill will fail or attempt to run unexpected code if malicious files are placed at that path. - Inspect trigger-pull.py / stop-pull.py: because monitor.py runs them via subprocess, those scripts determine what network/IO happens during a pull. Review them for network endpoints, credential use, or data exfiltration before granting the API key. - Keep file roots limited: by default the skill writes to ~/.openclaw; avoid setting CMS_MEETING_MONITOR_ROOT to system or sensitive paths. Run the skill under a restricted user account if possible. - Treat the API key as sensitive: store it in a secrets manager or guarded env, and rotate if you test in an untrusted environment. - Ask the publisher to update registry metadata: required env vars (XG_BIZ_API_KEY) and the dependency on cms-meeting-materials should be declared in the skill registry entry to remove the inconsistency. Given these issues (metadata mismatch and undeclared filesystem dependency) the skill appears coherent with its purpose but needs those clarifications before you should deploy it broadly.

Like a lobster shell, security has layers — review code before you run it.

latestvk97cnya9r37w1a34bne87kdej1846ae9

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

CMS AI慧记 — 会议监控

版本: 1.0.0

定位:主 Agent 的监控工具,负责持续拉取会议内容 + 通知用户。不做分析,分析由主 Agent 调用 LLM 处理。

两种监控模式

🅰️ 字幕模式(实时推送)

  • Cron Job 每 60 秒拉取一次
  • 有新内容时,推送最新片段到当前会话
  • 用户可以看到实时滚动的字幕感内容
  • 用户可随时选中某段文字让主 Agent 处理

🅱️ 静默模式(后台拉取)

  • Cron Job 每 60 秒拉取一次
  • 不主动发消息打扰用户
  • 有新内容时,更新一条状态消息的 reaction 作为心跳
  • 用户主动说"到现在聊了什么"时,主 Agent 才响应

启动监控

用户:帮我接入会议
  ↓
主 Agent:
  好的!请选择模式:
  🅰️ 字幕模式 — 实时推送新片段
  🅱️ 静默模式 — 后台拉取,有事才说
  
  用户选了 🅱️
    ↓
主 Agent:好的,静默监控已开启。你说"到现在"我就给你小结。
  💤 监控中
    
[后台 Cron Job 每60秒拉取,不打扰用户]

用户:到现在聊了什么?
    ↓
主 Agent:[读取 transcript.txt + LLM 总结]
    
    【30分钟小结】
    已确认:Q2目标1.2亿,华东区为重点
    讨论中:团队分工
    
    要继续还是有其他需求?

命令路由

用户意图调用的脚本
接入会议(选择模式)monitor.py start
查看监控状态monitor.py status
停止监控monitor.py stop
做阶段小结主 Agent 读取 transcript.txt + LLM

依赖

依赖于 cms-meeting-materials skill 的脚本:

  • trigger-pull.py — 增量拉取
  • stop-pull.py — 停止拉取
  • list-my-meetings.py — 列出可接入的会议

状态存储

监控状态存放在:

~/.openclaw/cms-meeting-monitor/{gateway}/{meeting_chat_id}/
├── state.json       # 监控状态
├── last_fragment_count  # 上次拉取的片段数
└── cron_job_id      # Cron Job ID

环境变量

变量必须说明
XG_BIZ_API_KEYAI慧记 API 鉴权
CMS_MEETING_MONITOR_ROOT状态存储根目录
OPENCLAW_GATEWAY多 gateway 场景隔离

Files

7 total
Select a file
Select a file to preview.

Comments

Loading comments…