ClawHub

Fathom

Security checks across malware telemetry and agentic risk

Overview

This Fathom skill is not malicious, but it deserves review because its webhook command can create ongoing forwarding of private meeting transcripts and summaries to any HTTPS endpoint the user supplies.

Install only if you understand the data access. Normal transcript and summary commands will expose private meeting content in the agent or terminal. Do not run the webhook setup unless you control the destination URL, trust its storage and retention practices, and are comfortable with ongoing delivery of transcripts, summaries, and action items until the webhook is removed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue AgentSelf-Modification, Session Persistence
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill clearly requires shell execution and outbound network access, but it does not declare permissions or capability boundaries. That weakens reviewability and informed consent, making it easier for a user or host system to invoke commands that access external services and local secrets without an explicit permission model.

Tp4

High
Category
MCP Tool Poisoning
Confidence
94% confidence
Finding
The advertised purpose is passive retrieval of Fathom meetings and transcripts, but the skill also supports webhook registration and sending meeting-derived data to an arbitrary external HTTPS endpoint. This mismatch can mislead users about the skill's real data flows and authority, increasing the chance of unintended exfiltration of sensitive meeting content.

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
This script does more than read meeting data: it programmatically registers a webhook that causes Fathom to push recordings, transcripts, summaries, and action items to an external endpoint. In the context of a skill described as fetching meeting data, adding outbound event delivery materially expands the data flow and creates a persistent exfiltration path for sensitive meeting-derived content.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The script accepts any user-supplied HTTPS URL and then configures Fathom to send meeting-derived data to that destination, including transcripts, summaries, and action items by default. Because there is no domain validation, ownership verification, or approval workflow, anyone running this with a valid API key can create a durable channel that exfiltrates sensitive meeting content to an arbitrary external service.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The skill handles highly sensitive content including call recordings, transcripts, summaries, and action items, but it does not warn users that commands may expose private meeting data in terminal output or downstream tooling. In this context, missing disclosure increases the risk of accidental exposure of confidential business or personal information.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The webhook setup section instructs users to configure automatic transcript ingestion to an external HTTPS endpoint without warning that sensitive meeting data will be continuously transmitted off-platform. Because transcripts and summaries may contain confidential or regulated data, this omission materially increases the risk of unintentional data leakage.

Session Persistence

Medium
Category
Rogue Agent
Content
### 1. Get Your API Key
1. Go to [developers.fathom.ai](https://developers.fathom.ai)
2. Create an API key
3. Copy the key (format: `v1XDx...`)

### 2. Configure
Confidence
81% confidence
Finding
Create an API key 3. Copy the key (format: `v1XDx...`) ### 2. Configure ```bash # Option A: Store in file (recommended) echo "YOUR_API_KEY" > ~/.fathom_api_key chmod 600 ~/.fathom_api_key

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal