Audio Meeting Minutes

Security checks across malware telemetry and agentic risk

Overview

The skill appears to match its meeting-transcription purpose, but it needs review because it asks for live cloud credentials in chat and sends meeting audio to Alibaba Cloud.

Install only if you are comfortable sending meeting recordings and transcripts to Alibaba Cloud NLS and WorkBuddy AI. Use short-lived, least-privilege NLS credentials, avoid pasting long-lived secrets into chat, review the selected folder before running because all matching audio files may be processed, and avoid confidential or regulated recordings unless your organization approves that data flow.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (13)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill instructs use of environment variables, shell execution, file writing, and network access but does not declare corresponding permissions. This undermines transparency and informed consent, making it harder for users or policy layers to understand that the skill will access files, invoke scripts, and transmit data externally.

Tp4

High
Category
MCP Tool Poisoning
Confidence
90% confidence
Finding
The stated purpose emphasizes meeting transcription and minutes generation, but the workflow also scans NAS/network-share locations and uploads audio to Alibaba Cloud NLS. That behavior is security-relevant because meeting recordings often contain sensitive business information, and undisclosed external transmission materially changes the risk profile.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The script sends full meeting audio to Alibaba Cloud NLS for transcription, but the skill description emphasizes automatic transcription/summarization without clearly disclosing third-party cloud processing. In a meeting-minutes context, the uploaded audio may contain sensitive business discussions, personal data, or confidential material, making undisclosed external transfer materially risky.

Context-Inappropriate Capability

Low
Confidence
94% confidence
Finding
Printing the NLS AppKey to stdout exposes cloud credentials in logs, terminals, orchestrator output, or agent traces. Even if the AppKey alone is not always sufficient for full compromise, leaking identifiers tied to a cloud account increases the attack surface and may aid credential abuse or account enumeration.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README states that audio is processed by Aliyun NLS cloud speech recognition, but it does not clearly disclose that meeting recordings will be uploaded to and processed by a third-party service. Because meeting audio often contains sensitive business or personal information, this omission can lead users to expose confidential content without informed consent.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill asks users to paste live cloud credentials directly into chat without a meaningful security warning. Chat channels may be logged, retained, or exposed to other tooling, so collecting active tokens this way increases the chance of credential leakage and unauthorized API use.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill omits an upfront warning that meeting audio will be transmitted to an external cloud speech service. Because recordings may contain confidential discussions or regulated data, lack of disclosure prevents informed consent and can lead to unintended data exposure.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The code uploads raw audio content to a cloud ASR service without a just-in-time warning or consent checkpoint. Because the skill handles meeting recordings, this omission is more dangerous than in low-sensitivity consumer media workflows: users may reasonably assume local processing while confidential discussions are being transmitted externally.

Ssd 3

Medium
Confidence
98% confidence
Finding
The workflow explicitly tells the agent to request live AppKey and AccessToken values in chat and then inject them into execution environment variables. This is dangerous because secrets handled in conversational context can be logged or reused, and the agent becomes a conduit for operational credentials.

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.28
jinja2>=3.0
Confidence
95% confidence
Finding
requests>=2.28

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.28
jinja2>=3.0
Confidence
95% confidence
Finding
jinja2>=3.0

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
98% confidence
Finding
requests

Known Vulnerable Dependency: jinja2 — 10 advisory(ies): CVE-2019-10906 (Jinja2 sandbox escape via string formatting); CVE-2014-1402 (Incorrect Privilege Assignment in Jinja2); CVE-2025-27516 (Jinja2 vulnerable to sandbox breakout through attr filter selecting format metho) +7 more

High
Category
Supply Chain
Confidence
97% confidence
Finding
jinja2

VirusTotal

59/59 vendors flagged this skill as clean.
