meeting-score

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Feishu meeting-scoring skill, with disclosed table edits and optional polling that users should manage carefully.

Install only if the agent should create and modify Feishu Bitable scoring data. Configure and verify row-level permissions before sharing the table with judges, confirm the target table IDs before cleanup or updates, and stop the automatic polling job after scoring is complete.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium (93% confidence)
Finding
The skill introduces persistent scheduled background execution via cron even though the core workflow is simple scoring-table setup and aggregation. This expands the skill’s authority and execution surface beyond user-immediate actions, creating risk of unintended repeated reads/writes, resource abuse, and continued processing after the meeting unless explicitly stopped.

Context-Inappropriate Capability

Low (84% confidence)
Finding
The skill instructs proactive message sending to the host when scoring completes, but that outbound notification capability is not described in the manifest. Undeclared outbound communication can surprise users, leak workflow state, and violate least-privilege expectations even if the message content is limited.

Vague Triggers

Medium (86% confidence)
Finding
Several trigger phrases are everyday commands like '查看汇总', '开始自动计算', or '停止自动计算', which can be matched in normal conversation and cause state-changing operations. In this skill, accidental activation is more dangerous because triggers can start background jobs, modify records, or alter meeting workflow without a deliberate scoped command.

Missing User Warnings

Medium (88% confidence)
Finding
The skill tells the operator to share the table link with all judges, but the privacy model depends on manual configuration of row-level permissions. Without a strong warning and sequencing guard, judges may receive access before protections are enabled, exposing other judges’ names, scores, or meeting materials.

VirusTotal

66/66 vendors flagged this skill as clean.
