ClawHub

Percept Meetings

Security checks across malware telemetry and agentic risk

Overview

This meeting skill has a legitimate purpose, but it can broadly ingest, retain, and surface sensitive meeting or ambient transcripts with limited safeguards documented.

Install only if you are comfortable giving an agent searchable access to meeting transcripts and possibly ambient conversations. Use the narrowest Zoom permissions available, secure and verify webhook endpoints, avoid URL query-string secrets where possible, define retention and deletion practices for the Percept database, and require user confirmation before the agent sends messages, creates tasks, or schedules follow-ups from transcript content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Intent-Code Divergence

Medium
Confidence
98% confidence
Finding
The document says all incoming webhooks require bearer-token authentication, but the actual setup instructs users to place the secret in the URL query string. Query-string secrets are commonly exposed through logs, browser history, reverse proxies, and monitoring tools, which weakens webhook authentication and creates a documentation-driven insecure deployment. In this skill context, the webhook carries meeting transcripts, so unauthorized submission or replay could poison records or expose sensitive meeting data handling paths.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The skill description contains very broad trigger phrases such as 'meeting notes', 'transcript', and 'what did [person] say', which can cause the skill to activate on common user requests and pull in highly sensitive meeting context without sufficiently specific user intent. In a meetings/transcripts skill, this is more dangerous because over-triggering can expose confidential discussions, identities, and action items to unrelated workflows.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill explicitly instructs users to connect Zoom, Granola, and Omi sources, import transcripts, and configure OAuth secrets and webhook tokens, but it does not provide a meaningful privacy warning, consent guidance, retention limits, or cautions about handling sensitive meeting content. Because the skill is specifically designed to ingest searchable transcripts and speaker data, missing data-handling safeguards materially increases the risk of unauthorized collection, retention, and downstream disclosure of confidential communications.

Missing User Warnings

High
Confidence
95% confidence
Finding
The documentation promotes ambient audio capture in any meeting without warning about consent, notification, or jurisdiction-specific recording requirements. That creates a real privacy and compliance risk because users may deploy the wearable in contexts where participants have not agreed to recording or transcription. In a meeting-intelligence skill, this is especially dangerous because the captured content is likely to include sensitive business, personal, or regulated information.

Missing User Warnings

High
Confidence
97% confidence
Finding
The setup directs users to stream transcripts to a webhook and store them in Percept without warning that conversation data is being transmitted, processed, and retained by external systems. This omission can lead to accidental exposure of confidential meeting content, especially if users assume the flow is local-only or do not understand the storage and access implications. Because this skill is explicitly designed to search, summarize, and act on meeting transcripts, the sensitivity and downstream misuse potential are high.

Missing User Warnings

Medium
Confidence
82% confidence
Finding
The webhook instructions tell users to expose an internet-reachable endpoint for `recording.completed` events and mention a webhook secret, but they do not explicitly require request signature verification, replay protection, or restricting access to the listener. In a meeting-transcript skill, forged or spoofed webhook calls could trigger unauthorized imports, pollute meeting records, or cause the agent to act on falsified meeting data.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal