Back to skill

Security audit

Meeting Recorder Assistant

Security checks across malware telemetry and agentic risk

Overview

This meeting recorder is mostly purpose-aligned, but it can capture sensitive meeting audio and send transcription data to Google without clearly warning users.

Review before installing for real meetings. Only use it where all participants have consented, avoid regulated or confidential meetings unless your policy allows Google-based transcription, and store/delete audio and transcript files deliberately. For sensitive deployments, pin dependencies and consider a local-only transcription option.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (10)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill demonstrates file read/write capability in example code but declares no permissions, which undermines transparency and prevents informed consent or policy enforcement. In a meeting-recording context, file access can expose sensitive transcripts, notes, and audio artifacts, especially when written to predictable temporary paths.

Tp4

High
Category
MCP Tool Poisoning
Confidence
96% confidence
Finding
The documented behavior omits material capabilities: sending transcription data to an external Google Speech Recognition service and writing artifacts to /tmp and JSON outputs. For a meeting assistant, these omissions are significant because meeting audio and transcripts often contain confidential business, legal, or personal information, so undisclosed external transfer and local persistence materially increase privacy and compliance risk.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The transcription path sends captured meeting audio to Google's speech recognition service, which is an external network transfer of potentially sensitive meeting content. In a meeting-recorder skill, this is security-relevant because users may reasonably expect recordings to remain local unless remote processing is explicitly disclosed and consented to.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
Live microphone capture is transmitted to Google's recognition backend during transcription, exposing real-time meeting audio to a third party. This is especially sensitive in a meeting assistant context because conversations may contain confidential business, personal, or regulated information, increasing the privacy and compliance risk.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The README promotes recording and transcribing meetings but provides no warning about consent requirements, privacy obligations, or secure handling of captured audio and transcripts. In a meeting-recording context, this omission can lead users to deploy the skill in ways that violate wiretapping, workplace monitoring, or data-protection rules, and may expose sensitive business or personal information.

Missing User Warnings

High
Confidence
95% confidence
Finding
A meeting recorder/transcriber inherently handles highly sensitive spoken content, and the absence of a privacy warning is dangerous because users may not realize they are recording others, creating transcripts, or potentially sending audio to third parties. In many jurisdictions and organizations, recording without clear notice and consent can create legal, regulatory, and policy violations in addition to confidentiality harm.

Unpinned Dependencies

Low
Category
Supply Chain
Content
speechrecognition>=3.10.0
pydub>=0.25.1
openai>=1.0.0
python-dateutil>=2.8.0
Confidence
95% confidence
Finding
speechrecognition>=3.10.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
speechrecognition>=3.10.0
pydub>=0.25.1
openai>=1.0.0
python-dateutil>=2.8.0
Confidence
95% confidence
Finding
pydub>=0.25.1

Unpinned Dependencies

Low
Category
Supply Chain
Content
speechrecognition>=3.10.0
pydub>=0.25.1
openai>=1.0.0
python-dateutil>=2.8.0
Confidence
97% confidence
Finding
openai>=1.0.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
speechrecognition>=3.10.0
pydub>=0.25.1
openai>=1.0.0
python-dateutil>=2.8.0
Confidence
94% confidence
Finding
python-dateutil>=2.8.0

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.