AI Meeting Notes w/ Action Items + To-Do List Tracker

Security checks across malware telemetry and agentic risk

Overview

This skill locally saves and organizes pasted meeting notes as advertised, but users should treat the saved notes and todo file as persistent workspace data.

Before installing, understand that pasted notes and transcripts, including raw original text, will be saved locally under meeting-notes/, and selected action items may be written to todo.md. Use it in a private workspace, redact sensitive content first when needed, and periodically review or delete saved notes and todos.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Intent-Code Divergence

Severity: High
Confidence: 99%
Finding:
The skill’s FAQ tells users that 'nothing is stored or sent elsewhere,' but the skill instructions explicitly auto-save meeting notes to `meeting-notes/` and maintain `todo.md`. This is a material misrepresentation of data handling that can cause users to paste sensitive transcripts, client notes, or internal discussions under false privacy assumptions.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding:
The skill states that every extraction is automatically saved for future reference, but it does not present a clear, prominent warning before users provide potentially sensitive meeting content. Because meeting notes often contain confidential business, HR, legal, or customer data, silent persistence increases the risk of unintentional local retention and later exposure.

Missing User Warnings

Severity: High
Confidence: 99%
Finding:
The privacy FAQ directly contradicts the documented behavior of automatically saving notes and todos, which can mislead users about whether their data persists after processing. This is especially dangerous in a meeting-notes skill because users are likely to submit sensitive organizational information while relying on the stated privacy guarantees.

Vague Triggers

Severity: Medium
Confidence: 84%
Finding:
The documented command "remove #" describes a destructive action using a very short, generic trigger without any stated scope constraints or confirmation step. In a meeting-notes skill that processes conversational text, this increases the risk of accidental or ambiguous deletion if the runtime command parser accepts natural-language input too broadly.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding:
A delete command is exposed to users with no warning, confirmation, or recovery guidance in the UI text. If users can invoke commands from free-form notes or chat-like input, an accidental match or misunderstanding could cause task loss and integrity issues in saved to-do data.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding:
The example output explicitly shows raw meeting notes, attendee names, customer names, scheduling details, and action items being saved to local markdown files and a persistent todo list. Persisting potentially sensitive business content without any warning, consent step, retention guidance, or redaction controls can lead to unintended disclosure on shared devices, synced folders, backups, or downstream integrations.

Ssd 3

Severity: Medium
Confidence: 90%
Finding:
The documented behavior preserves full meeting files containing metadata, summaries, decisions, questions, and raw notes for later search and retrieval. This broad retention exceeds the immediate summarization task and can expose confidential pasted content to future reads, searches, or accidental sharing within the workspace.

Ssd 3

Severity: Medium
Confidence: 95%
Finding:
The AI instructions require preserving the original input exactly as pasted inside the saved file, creating a plain-text retention path for anything the user supplied, including secrets, personal data, legal discussions, or customer information. Exact raw-note preservation materially increases exposure compared with storing only a structured summary.

VirusTotal

64/64 vendors flagged this skill as clean.