Percept Meetings
SuspiciousAudited by ClawScan on May 10, 2026.
Overview
This meeting-context skill is mostly purpose-aligned, but it asks for broad access to sensitive meeting data and privileged Zoom recordings while storing transcripts for later reuse.
Install only if you are comfortable giving the integration access to sensitive meeting transcripts and, for Zoom, potentially account-wide recording data. Verify the external Percept package before installing, scope OAuth permissions as narrowly as possible, protect the local database, and require confirmation before the agent sends emails, creates tasks, or schedules follow-ups from meeting content.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A Zoom Server-to-Server OAuth app could let the integration read many users' cloud recordings and account user data, not just one meeting transcript.
These are admin-level Zoom scopes that can expose recordings and user lists beyond a single user's selected meetings. The registry metadata also declares no primary credential or required env vars, so this privileged access is under-declared.
Add scopes: - `recording:read:list_recording_files:admin` - `recording:read:list_user_recordings:admin` - `user:read:list_users:admin`
Use the least-privileged Zoom app possible, restrict it to the intended account or users, and install only if you are comfortable granting account-level recording access.
Private conversations may become searchable agent context and could be reused in later tasks if the database is not carefully scoped and managed.
The Omi workflow can capture broad ambient conversations and persist them into a searchable database. The artifacts do not describe retention limits, exclusions, encryption, participant consent handling, or when stored context should be reused.
No calendar integration needed — it captures everything ambient ... Stored in Percept DB, searchable immediately
Configure capture narrowly, get appropriate consent, protect the database, and define retention or deletion practices before using ambient meeting capture.
The agent could turn transcript-derived action items into real-world account changes or communications without enough review.
The instruction encourages the agent to take external follow-up actions based on meeting transcripts, but it does not specify a confirmation step before sending messages, creating tasks, or scheduling events.
Use other OpenClaw tools to execute (send emails, create tasks, schedule follow-ups)
Require explicit user approval before sending emails, creating tasks, scheduling meetings, or making other external changes based on meeting data.
Installing the external package will run and trust code outside this skill bundle.
The main functionality depends on installing external code that is not included in the reviewed artifacts and is not pinned to a specific version. This is expected for this integration but should be verified by the user.
pip install getpercept # or: git clone https://github.com/GetPercept/percept
Review the package and repository, pin a trusted version, and install in a controlled environment if possible.