Zoom
PassAudited by ClawScan on May 6, 2026.
Overview
This is a coherent Zoom integration via ClawLink that discloses its need for OAuth-style account access and user-confirmed Zoom actions.
This skill appears purpose-aligned and not malicious from the supplied artifacts. Before installing, make sure you trust ClawLink, review the Zoom OAuth permissions, and only approve previews for Zoom changes you actually want made.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The integration may be able to view or change Zoom meetings, webinars, registrants, participants, or related account data depending on the permissions granted.
The skill requires delegated Zoom account access through OAuth. This is expected for managing Zoom resources, but it gives the integration authority over the user's Zoom account according to the scopes approved.
ClawLink's hosted page runs the hosted OAuth flow — the user clicks through the Zoom login and authorization screen.
Review the Zoom authorization screen and grant only scopes you are comfortable with; disconnect the ClawLink Zoom integration if you no longer need it.
If approved, the agent could make real changes in Zoom, such as updating meeting, webinar, registrant, or participant state.
The skill can invoke Zoom tools that perform writes, including external-facing or bulk actions. The instructions include preview and confirmation safeguards, so this is purpose-aligned but worth user attention.
For writes or anything marked as requiring confirmation, call `clawlink_preview_tool` first, then confirm with the user.
Before approving any write, bulk, destructive, or attendee-facing action, check the preview carefully and confirm the exact Zoom changes you want.
Using this skill requires trusting the separately installed ClawLink plugin and its update/provenance chain.
The skill depends on a separate ClawLink plugin that is not included in the supplied artifact set. The install step is disclosed and user-directed, but the plugin itself is outside this review.
Install the verified ClawLink plugin: `openclaw plugins install clawhub:clawlink-plugin`
Install the plugin only from the stated ClawHub source and review ClawLink's verification or source links if you need stronger assurance.
Your Zoom connection and related tool requests are handled through ClawLink rather than only locally in OpenClaw.
The skill routes authentication and tool use through the external ClawLink service. The destination is disclosed, but Zoom-related requests and credentials depend on that provider boundary.
The resulting device credential is stored locally in OpenClaw's plugin config and is only sent to `claw-link.dev`.
Use this only if you trust ClawLink to handle the Zoom connection, and avoid pasting raw credentials into chat as the skill instructs.