ClawHub

Fireflies

Security checks across malware telemetry and agentic risk

Overview

This Fireflies skill is a real integration, but it exposes sensitive meeting data, deletion, live-meeting bot insertion, uploads, and raw authenticated API requests without enough upfront scoping or safety guidance.

Install only if you are comfortable giving an agent authenticated Fireflies access that may include transcripts, users, recordings, uploads, live-meeting bot actions, and deletion. Before using it, require explicit confirmation for any delete, upload, live-bot, or raw proxy request, and prefer read-only or curated Membrane actions whenever possible.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The manifest says the skill is for managing organizations, but the body clearly enables broader Fireflies access, including meetings, transcripts, users, integrations, and proxy API calls. This scope mismatch can cause the agent to invoke the skill in contexts the user did not intend, increasing the chance of overbroad data access and actions on sensitive meeting content.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The documentation advertises actions such as deleting transcripts, adding bots to meetings, uploading audio, and arbitrary proxy requests, which materially exceed a narrow 'manage organizations' scope. In an agent setting, this mismatch is dangerous because it can lead to execution of destructive or privacy-sensitive operations under an underspecified or misleading skill contract.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The invocation description, 'Use when the user wants to interact with Fireflies data,' is extremely broad and provides no guardrails around allowed tasks or sensitivity levels. That increases the likelihood of accidental invocation for high-risk data access or modification requests involving transcripts, users, and meetings.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill documents destructive capability ('Delete Transcript') without any caution, approval workflow, or requirement for explicit confirmation. Because transcripts may contain sensitive business or personal information, silent deletion can cause data loss, audit gaps, and intentional or accidental destruction of important records.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The proxy-request section enables direct API access beyond curated actions but omits any privacy, scope, or data-handling warning. In context, this is more dangerous because Fireflies data can include transcripts, recordings, summaries, and user information, so raw requests increase the chance of sending, retrieving, or modifying sensitive data without adequate review.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal