Meeting Notes Organization and Action Item Extraction

Security checks across malware telemetry and agentic risk

Overview

This is a meeting-notes template skill; its main risks are privacy when using outside tools and the need to review inferred action items.

Install only if you are comfortable using it for meeting notes. Before pasting transcripts into AI, transcription, Jira, Notion, Lark, or similar tools, check your organization’s data policy, redact secrets and sensitive personal or customer information, obtain required participant consent, and review all inferred owners, deadlines, and action items before sharing or creating tickets.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium, 91% confidence
Finding:
The Chinese weak trigger phrases are broad enough to convert speculative discussion, suggestions, or status commentary into concrete action items. In a meeting-notes skill, this can silently fabricate tasks, owners, or urgency, causing operational errors, accountability confusion, and downstream workflow automation on incorrect data.

Vague Triggers

Medium, 90% confidence
Finding:
The English weak triggers include phrases like 'mentioned' and 'We should probably,' which often reflect brainstorming rather than committed work. If treated as extractable tasks, the skill may produce false action items that misassign responsibility or trigger unnecessary follow-up in shared documents and project systems.

Missing User Warnings

Medium, 92% confidence
Finding:
The workflow explicitly instructs users to paste meeting transcripts into third-party AI tools and then sync resulting summaries and action items into external systems, but it provides no privacy classification, consent, retention, or data-minimization guidance. Meeting notes often contain sensitive business discussions, personal data, credentials, or customer information, so this omission can lead to unintended disclosure across multiple SaaS platforms.

VirusTotal

66/66 vendors flagged this skill as clean.
