Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Bytesagain Meeting Minutes
v1.0.3Record, manage, and export meeting minutes in your terminal. Use when capturing action items, logging decisions, tracking attendees, or generating formatted...
⭐ 0· 50·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description match the provided code and SKILL.md: a CLI tool that records meetings to local JSON files and exports Markdown. It does not request unrelated credentials, binaries, or system-level config.
Instruction Scope
Runtime instructions and the script operate locally (write under $HOME/.bytesagain-meetings and /tmp). They do not reference external endpoints or request secrets. Note: the script executes embedded Python here-docs; several of those here-docs use single-quoted delimiters which prevent shell variable expansion, producing literal "$id", "$file", etc., and there are small logic/syntax bugs (e.g., malformed Python f-string in list). These are implementation errors that may cause incorrect behavior or data not being written as intended — not evidence of exfiltration.
Install Mechanism
No install spec; this is instruction-only with an included script. Nothing is downloaded or installed automatically by the skill.
Credentials
No required environment variables or credentials are declared. The script uses standard local paths ($HOME, /tmp) and calls bash and python3 as documented — proportional to the task.
Persistence & Privilege
always:false and user-invocable:true. The skill writes files to a directory under the user's HOME and exports to /tmp, which is appropriate for a local CLI tool and does not modify other skills or global agent configuration.
Assessment
This skill appears to do what it claims: manage meeting minutes locally. Before installing/running it, review and/or test the included script in a safe environment. Specific points to consider: (1) it will create and write files under ~/.bytesagain-meetings and export Markdown to /tmp — ensure you are okay with that location and contents; (2) the embedded Python heredocs contain variable-expansion and small syntax bugs that may prevent expected behavior (you may see files with literal names like "$id.json" or Python errors); (3) because the script runs Python code, run it on non-sensitive data first or inside a container if you want extra isolation; (4) if you plan to rely on it, consider fixing the heredoc variable expansion (remove the single quotes from the here-doc delimiter or pass the values via environment variables consistently) and running a quick lint (shellcheck, python -m pyflakes) to catch errors. Overall the skill is coherent and not requesting extra privileges or secrets.Like a lobster shell, security has layers — review code before you run it.
latestvk97cqx4agbpmzs9bqa97aagj2s83v7yz
License
MIT-0
Free to use, modify, and redistribute. No attribution required.