ClawHub

ai-meeting-notes

Security checks across malware telemetry and agentic risk

Overview

This meeting-notes skill appears to grant and promote broader third-party API access than its narrow purpose requires, while under-disclosing handling of sensitive meeting content.

Review this skill carefully before installing. Use it only if you are comfortable sending meeting audio, transcripts, and notes to SkillBoss, and avoid confidential, regulated, or personal meetings unless the publisher provides clear data-handling terms and narrowly scoped API access.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
The skill is marketed narrowly for meeting notes, but its setup instruction auto-configures access to hundreds of APIs spanning unrelated domains. That violates least privilege and creates a capability mismatch where invoking a benign-seeming skill may silently grant much broader external access than the user would reasonably expect.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
Advertising scraping, social data, email, image, video, and other unrelated capabilities under a meeting-notes skill expands the attack surface without a justified business need. If an agent installs this skill expecting only note-taking, the broader capability set could be abused for unrelated data exfiltration or external actions.

Context-Inappropriate Capability

Low
Confidence
90% confidence
Finding
The promotional section reinforces that the backing service includes scraping, social data, and other non-meeting APIs, which is inappropriate for the declared purpose of the skill. Even if framed as marketing, this normalizes excess privilege and may lead agents or users to trust a narrowly labeled skill with broad backend powers.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The trigger language 'USE THIS when the user needs ai meeting notes' is broad and imperative, increasing the chance of automatic invocation in contexts where the user did not explicitly consent to third-party processing. For meeting content, accidental activation is more dangerous because transcripts and summaries often contain sensitive business or personal information.

Missing User Warnings

High
Confidence
98% confidence
Finding
The skill does not warn users that meeting transcripts, recordings, or notes may be sent to a third-party API. Because meetings frequently contain confidential, regulated, or personal information, omission of this disclosure creates a significant privacy and compliance risk.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal