Minutes Taker

Security checks across malware telemetry and agentic risk

Overview

This meeting-minutes skill fits its stated purpose, but it can automatically send audio to Google and persist meeting records locally, so it should be reviewed before installation.

Install only if you are comfortable with meeting audio potentially being sent to Google when Whisper is unavailable and with minutes, decisions, and todos being stored locally under your home directory. For confidential meetings, use an offline ASR backend, avoid running the helper scripts directly, and periodically review or delete the stored data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability

High
Confidence: 95%
Finding
The module falls back to SpeechRecognition's Google Web Speech path, which can transmit user audio or derived content to an external third-party service. In a meeting-minutes context, recordings often contain sensitive business, legal, or personal information, so silent network exfiltration beyond the local skill boundary materially increases confidentiality and compliance risk.

Description-Behavior Mismatch

Medium
Confidence: 83%
Finding
This code persistently stores and mutates cross-meeting todo data under the user's home directory, creating a longer-lived data store than a simple transcript-to-minutes transformation would imply. In a minutes-taking context, this increases privacy and scope risk because meeting-derived action items, assignees, and deadlines can accumulate across sessions without an explicit consent, retention, or access-control model.

Description-Behavior Mismatch

Medium
Confidence: 72%
Finding
The module exposes state-changing task management behavior, including updating todo status, which goes beyond passive minutes generation into workflow management. That expanded capability can mislead users about the skill's authority and cause unauthorized or unexpected modification of meeting-derived records if called by other components.

Missing User Warnings

Medium
Confidence: 94%
Finding
The code invokes recognize_google without any visible just-in-time warning or consent mechanism at the point where audio may leave the system. Even if the feature is convenient, sending meeting audio to an external recognizer without explicit notice can violate user expectations, privacy requirements, or organizational policy.

Missing User Warnings

Medium
Confidence: 94%
Finding
The code persistently stores full meeting minutes and related metadata under a predictable path in the user's home directory without any consent prompt, sensitivity warning, access control, or minimization. Meeting transcripts and minutes often contain confidential business discussions, participant identities, and action items, so silent local persistence increases the risk of unintended disclosure to other local users, backups, malware, or shared workstation access.

Missing User Warnings

Medium
Confidence: 86%
Finding
The test harness unconditionally deletes the persistent todo storage file if the module is executed directly. Even though this is local-only behavior, it can cause silent destruction of user data because the same path is used for real persisted meeting todos and no confirmation, backup, or test-only isolation is enforced.

VirusTotal

65/65 vendors flagged this skill as clean.
