Meeting Summary Generator

Security checks across malware telemetry and agentic risk

Overview

The skill appears to generate meeting summaries as advertised, but it automatically attempts a paid billing charge using an embedded merchant key before normal use.

Review this before installing if you do not want automatic pay-per-use billing. Normal runs attempt a 0.003 USDT SkillPay charge unless --test is used, and private meeting notes will be processed by the configured OpenClaw/Sloan agent. Avoid setting SKILLPAY_MERCHANT_KEY unless you intend this skill to use it, and treat the embedded merchant-key design as a security weakness rather than a clean payment integration.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection

Findings (11)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 78% confidence
Finding: The skill declares no permissions, yet its metadata references environment-variable-based secrets and operational capabilities. This creates a transparency and trust problem because users cannot tell that the skill may access sensitive tokens or payment credentials, increasing the risk of unintended secret use or hidden behavior.

Tp4

High

Category: MCP Tool Poisoning
Confidence: 93% confidence
Finding: The skill is presented as a meeting-summary tool, but the metadata indicates payment processing, use of an embedded merchant key by default, and contact with external services beyond summarization. This mismatch is dangerous because users may provide sensitive meeting notes without informed consent to billing, secret-handling, or third-party transmission behaviors.

Description-Behavior Mismatch

High

Confidence: 98% confidence
Finding: The skill performs an external payment charge even though its stated purpose is only meeting-summary generation. This creates undisclosed financial side effects and can cause unauthorized or unexpected charges when a user runs what appears to be a simple text-processing tool.

Description-Behavior Mismatch

Medium

Confidence: 92% confidence
Finding: Meeting notes are sent to an external subprocess/agent, which exceeds the implied local transformation behavior of the skill description. Because meeting notes often contain confidential business or personal information, undisclosed off-device transmission creates a real privacy and data-governance risk.

Context-Inappropriate Capability

High

Confidence: 97% confidence
Finding: The presence of billing/charging code is outside the core summarization function and introduces financial and trust risk unrelated to the main task. In a user-facing skill, unrelated payment capabilities can be abused or surprise users with charges, especially when triggered automatically during normal execution.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The README advertises pay-per-use behavior and states that payment is handled automatically via an embedded merchant key, but it does not clearly warn users when charges occur, how consent is obtained, or what data/payment flow is involved. In an agent skill that may be installed and run quickly from the CLI, this creates a meaningful risk of unexpected charges and weakens informed user consent.

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The documentation notes a local API fallback requirement but does not clearly warn that meeting notes may be transmitted to that service. Meeting notes often contain confidential business or personal information, so undisclosed routing to another service can cause privacy breaches, compliance issues, and accidental data exposure.

Missing User Warnings

High

Confidence: 100% confidence
Finding: A hardcoded merchant key is embedded as a fallback credential in the source code. Anyone with access to the code can extract and misuse the key to create fraudulent charges or impersonate the merchant, and secret rotation becomes difficult once published.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill transmits user meeting notes to an external agent process without an explicit privacy warning or consent step. Because meeting notes commonly include sensitive internal discussions, this can leak confidential information to third-party infrastructure or tooling.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill sends billing-related data to an external API without a clear warning at the point of transmission. Even if the payload is limited, undisclosed outbound billing requests create transparency and trust issues and can contribute to unexpected account activity.

Ssd 1

Medium

Confidence: 88% confidence
Finding: User-supplied notes are interpolated directly into the LLM prompt, allowing prompt-injection content inside the notes to influence the model's output. This can cause the summarizer to ignore instructions, produce manipulated summaries, or emit attacker-controlled content instead of a faithful meeting summary.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal