ClawHub

skill-a-create-meeting

Security checks across malware telemetry and agentic risk

Overview

This meeting automation skill is mostly coherent, but it deserves Review because broad trigger rules can lead to meeting creation, repository writes, member email lookup, logging, and email preparation without a clear final confirmation step.

Review carefully before installing. Use a least-privilege Gitea bot token limited to the intended repositories, verify the configured Gitea server and meta repository, inspect the .env file before running setup.sh, and require a clear meeting summary and approval before allowing the workflow to create meetings, write repository files, collect recipient emails, or send invitations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

High
Confidence
95% confidence
Finding
The skill says that virtually any request resembling 'create a meeting' must preferentially trigger this skill, making activation extremely broad and likely to match ordinary conversation. Because the skill coordinates repository writes, logging, member/email lookup, and downstream email preparation, an overbroad trigger can cause unintended side effects from ambiguous user input.

Vague Triggers

High
Confidence
94% confidence
Finding
The listed trigger examples include very common and context-light phrases such as '开个会', '约个会', and time-only expressions, which are too vague to safely distinguish actionable meeting creation from exploratory or informal chat. In this skill's context, accidental activation is more dangerous because it can cascade into Tencent Meeting creation, Gitea writes, logs, and email workflows.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The workflow explicitly creates repository directories/files, writes logs, looks up member emails, and prepares invitation emails, but the skill does not require a user-facing notice or confirmation about these data writes and outbound communications. This weakens informed consent and increases the risk of unintentional disclosure of participant information or unintended repository modifications.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The child process inherits the full parent environment (`env: process.env`), which may include secrets such as API tokens, SMTP credentials, or repository access credentials unrelated to the task. In a skill that orchestrates meeting creation and downstream Gitea/email operations, passing all environment variables to another runtime unnecessarily broadens secret exposure and increases the blast radius if the Python script is compromised, logs its environment, or is influenced by untrusted inputs.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal