Zoom
PassAudited by VirusTotal on May 6, 2026.
Overview
Type: OpenClaw Skill Name: zoom-meetings Version: 0.1.0 The skill bundle provides instructions for managing Zoom meetings and webinars through an integration service called ClawLink (claw-link.dev). The SKILL.md file outlines a standard OAuth-style pairing and tool discovery process, including explicit safety rules that require user confirmation for destructive actions and prohibit the leaking of credentials. No evidence of data exfiltration, malicious execution, or harmful prompt injection was found; the logic is consistent with its stated purpose of providing a hosted integration bridge.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The integration may be able to view or change Zoom meetings, webinars, registrants, participants, or related account data depending on the permissions granted.
The skill requires delegated Zoom account access through OAuth. This is expected for managing Zoom resources, but it gives the integration authority over the user's Zoom account according to the scopes approved.
ClawLink's hosted page runs the hosted OAuth flow — the user clicks through the Zoom login and authorization screen.
Review the Zoom authorization screen and grant only scopes you are comfortable with; disconnect the ClawLink Zoom integration if you no longer need it.
If approved, the agent could make real changes in Zoom, such as updating meeting, webinar, registrant, or participant state.
The skill can invoke Zoom tools that perform writes, including external-facing or bulk actions. The instructions include preview and confirmation safeguards, so this is purpose-aligned but worth user attention.
For writes or anything marked as requiring confirmation, call `clawlink_preview_tool` first, then confirm with the user.
Before approving any write, bulk, destructive, or attendee-facing action, check the preview carefully and confirm the exact Zoom changes you want.
Using this skill requires trusting the separately installed ClawLink plugin and its update/provenance chain.
The skill depends on a separate ClawLink plugin that is not included in the supplied artifact set. The install step is disclosed and user-directed, but the plugin itself is outside this review.
Install the verified ClawLink plugin: `openclaw plugins install clawhub:clawlink-plugin`
Install the plugin only from the stated ClawHub source and review ClawLink's verification or source links if you need stronger assurance.
Your Zoom connection and related tool requests are handled through ClawLink rather than only locally in OpenClaw.
The skill routes authentication and tool use through the external ClawLink service. The destination is disclosed, but Zoom-related requests and credentials depend on that provider boundary.
The resulting device credential is stored locally in OpenClaw's plugin config and is only sent to `claw-link.dev`.
Use this only if you trust ClawLink to handle the Zoom connection, and avoid pasting raw credentials into chat as the skill instructs.