Skill v1.0.0

ClawScan security

Meeting Note · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 8, 2026, 2:16 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's meeting-note instructions match its stated purpose, but they assume writing/indexing into the agent's knowledge network (e.g., '落盘' to 03_索引/ and calling 'index-note 模式三') without declaring required config paths or permission—this mismatch warrants review before installing.
Guidance
This skill appears coherent for producing structured, decision-focused meeting notes and for creating Zettelkasten-style links. Two things to check before installing or running it with real/privileged data:
1) File-system / indexing access: The SKILL.md expects the agent to '落盘' notes and to call 'index-note 模式三', placing content under paths like '03_索引/'. Confirm how your agent implements 'index-note' and whether this skill will be allowed to write into your workspace/knowledge repo. If you don't want automatic writes/indexing, run the skill in a read-only/test mode or remove/disable the indexing step.
2) Sensitive inferences & privacy: The workflow explicitly asks the agent to infer '隐藏/未明说内容' and '权力动态' from meeting content. That can surface sensitive or political information. Avoid feeding confidential transcripts until you verify storage and access controls; test with sanitized samples first.
Additional suggestions: ask the skill author or platform how 'index-note 模式三' behaves (local file write vs. remote API), and whether the skill logs or transmits notes externally. If you need stronger guarantees, require the skill to declare the config paths or ask the platform to enforce an allowlist for write/index operations.

Review Dimensions

Purpose & Capability
ok
Name, description, README, and SKILL.md consistently describe a decision-oriented meeting-note extractor that produces structured minutes, action items, and Zettelkasten links. There are no unrelated dependencies or requested credentials; the claimed functionality aligns with the instructions.
Instruction Scope
concern
SKILL.md instructs the agent to '落盘' (persist) notes using a filename convention, produce >=2 [[双向链接]], and—'必要时调用 index-note 模式三(内容入网)'—to index the note under '03_索引/'. These are explicit file/write/index operations and an invocation of another indexing mode (an external workflow). The skill metadata declares no config paths, file-system access, or integration permissions, so the runtime instructions require capabilities not declared in the skill manifest. Also, the instructions direct the agent to produce inferences about hidden assumptions/power dynamics (expected for the purpose but sensitive), so users should be aware this may surface private or politically sensitive content.
Install Mechanism
ok
Instruction-only skill with no install spec and no code files; low installation risk. README suggests CLI install commands for the ecosystem, but there is no embedded download or archive. Scanner found no code to analyze.
Credentials
note
The skill requests no environment variables or credentials (consistent with a local note-processing tool). However, the SKILL.md references writing into an index path ('03_索引/') and calling 'index-note' mode 3 to integrate the note into a knowledge network. Those actions imply file-system or service access that is not declared in requires.config/paths — a proportionality mismatch between declared requirements (none) and implied runtime actions (write/index).
Persistence & Privilege
ok
always:false and normal autonomous invocation; nothing in the manifest requests permanent elevated presence. The only persistence-related behavior is the skill's expectation to write notes and index them in the agent's knowledge base, which is normal for a note-taking skill but should be explicitly authorized by the user/system.