Zoom Phone API MCP
ReviewAudited by ClawScan on May 1, 2026.
Overview
This appears to be a straightforward read-only Zoom Phone MCP connector, but it relies on an external package/binary and can expose Zoom Phone account data to the agent.
This skill is coherent with its stated purpose and does not show malicious behavior in the provided artifacts. Before installing, verify the external npm package and configure only the minimum Zoom Phone/API access needed, because read-only phone data can still be sensitive.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may be able to retrieve Zoom Phone information that could include call, user, or account details depending on the configured account permissions.
The skill connects the agent to a Zoom Phone account API. Even read-only access may reveal sensitive phone/account data, but this access is clearly aligned with the stated purpose.
description: MCP server for the Zoom Phone API. Exposes Zoom Phone's REST API as read-only MCP tools.
Use a least-privileged Zoom/API configuration where possible and install it only for agents you trust with Zoom Phone data.
The actual MCP server code comes from outside the provided artifacts, so the reviewed skill text does not by itself prove what the external package does.
The skill relies on an external npm-distributed server/binary, while the submitted artifact set contains only instructions and no reviewed code or install spec.
- **npm:** https://www.npmjs.com/package/@mjquinlan2000/zoom-phone-mcp
Before installing, verify the npm package publisher, version, source repository if available, and installation command.
Zoom Phone data returned by tools may be visible to the invoking agent and could be included in subsequent reasoning or outputs.
The skill exposes Zoom Phone API data through an MCP tool interface over stdio. This is expected for the stated purpose, but users should understand that returned data enters the agent/tool context.
Use mcporter to interact with this server via stdio: ... `mcporter call --stdio zoom-phone-mcp <tool_name> [args]`
Use this only in trusted agent sessions and avoid requesting sensitive Zoom Phone data unless needed for the task.