ai-meeting-notes

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent meeting-notes tool, but it automatically saves raw pasted notes while also telling users that nothing is stored.

Install only if you are comfortable with pasted meeting content being written into workspace files, including raw notes. Avoid using it with confidential, legal, HR, customer, credential, or strategy discussions unless you first edit the skill or workflow to disable raw-note retention and confirm where meeting-notes/ and todo.md are stored.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
The skill publicly claims that notes are only processed in-conversation and that nothing is stored, while its instructions explicitly require saving meeting notes and maintaining persistent workspace files. This mismatch undermines informed consent and can cause users to disclose sensitive transcripts, believing they are ephemeral when they are actually retained.

Intent-Code Divergence

High
Confidence
99% confidence
Finding
The FAQ says 'nothing is stored,' but the skill repeatedly instructs the AI to auto-save notes, preserve raw input, and maintain todo.md. This is a direct contradiction about data retention and creates a privacy and trust risk, especially for confidential meeting content.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger language is extremely broad ('Just paste your notes') and encourages use on virtually any pasted text without narrowing scope or warning about persistence. In practice, this increases the chance the skill will process and store sensitive non-meeting content such as emails, chats, or transcripts that users did not expect to be written to disk.

Vague Triggers

Medium
Confidence
83% confidence
Finding
Claiming support for 'any meeting notes, transcript, or text' sets an overly permissive boundary for a skill that also persists content. The combination of vague scope and automatic saving makes accidental capture of sensitive material more likely.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill states that every extraction is automatically saved and that raw notes are preserved, but the user-facing description does not prominently warn that original pasted content will be written to workspace files. Users may therefore reveal confidential information without understanding the retention and workspace-modification behavior.

Missing User Warnings

Low
Confidence
89% confidence
Finding
The to-do tracking feature writes extracted tasks into todo.md, yet the user-facing text does not clearly frame this as a persistent workspace modification. While lower impact than raw-note storage, it can still create unintended records of internal tasks, owners, and deadlines.

Ssd 3

Medium
Confidence
95% confidence
Finding
The skill directs the system to preserve all original pasted notes for later reference, enabling long-term retention and retrieval of potentially sensitive user content. Meeting notes often contain confidential discussions, personal data, credentials, legal issues, or business strategy, so default raw retention materially expands exposure.

Ssd 3

High
Confidence
98% confidence
Finding
The AI instructions mandate saving the user's original pasted input exactly as provided inside the output file. Exact raw retention maximizes the chance that secrets, personal data, legal content, or confidential business information are copied into persistent storage and later surfaced through search or file access.

VirusTotal

64/64 vendors flagged this skill as clean.