Skill v1.0.4

ClawScan security

Ghostmeet · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 8, 2026, 3:13 PM
Verdict
benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill's requests and instructions are consistent with an on‑premises Ghostmeet meeting assistant that optionally sends transcripts to Anthropic for summaries, but review the extension source and be aware of privacy risks when enabling summaries or allowing autonomous agent actions.
Guidance
This skill appears to do what it claims, but take three precautions before installing: (1) Review the Ghostmeet GitHub repo and the extension/ folder yourself before loading the Chrome extension — the SKILL.md's claim about limited permissions is an assertion you should verify. (2) Only set GHOSTMEET_ANTHROPIC_KEY if you are comfortable having transcript text sent to Anthropic for summaries; leave it unset if you want transcription to remain local. (3) Be cautious about allowing the agent to invoke the skill autonomously: an autonomous run could call local endpoints and trigger summaries (exfiltration) without additional prompts. If you want extra safety, keep the key out of the agent environment and require explicit user approval before generating summaries.

Review Dimensions

Purpose & Capability
ok: Name/description (AI meeting assistant) align with what the SKILL.md does: it expects a local ghostmeet backend and offers session listing, transcript retrieval, and optional Anthropic summaries. Required binaries (docker to run the backend, curl to call the local API) and the single API key hint (GHOSTMEET_ANTHROPIC_KEY) are proportionate to the stated purpose.
Instruction Scope
note: Instructions stay within the stated scope: clone the GitHub repo, run docker compose, load a Chrome extension from the repo, and call local API endpoints (127.0.0.1:8877). The SKILL.md explicitly notes that summaries send transcript text to the Anthropic API — this is expected for the feature, but it means sensitive transcript data will leave the host when summaries are generated. The doc also asserts the extension's permissions (tabCapture only) — users should audit the extension source before installation because the skill cannot verify extension behavior.
Install Mechanism
ok: Instruction-only skill (no install spec). The runtime instructions point to a GitHub repository (github.com/Higangssh/ghostmeet) and standard docker compose usage. Using a GitHub repo and docker is a normal, low-risk install pattern compared with arbitrary download URLs or extracted archives from unknown servers.
Credentials
ok: The only secret/hint is GHOSTMEET_ANTHROPIC_KEY, which is justified for triggering remote Anthropic (Claude) summaries. Other GHOSTMEET_* configuration variables are standard backend settings. The skill does not request unrelated cloud credentials or broad secrets.
Persistence & Privilege
note: The skill is not always-enabled and has no install that persists code into the agent; autonomous model invocation is allowed (the platform default). That means an agent could autonomously call the local API and—if configured with the Anthropic key—initiate summaries that transmit transcript text externally. This is a privacy/operational risk to be aware of, but it's consistent with the skill's stated features.