Elastolink Meeting Skills

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real Elastolink meeting connector, but it needs Review because it handles API tokens and meeting data with broad activation and weak disclosure.

Install only if you trust the Elastolink/Ideasprite endpoint and are comfortable letting the skill access meeting lists, meeting content, and exported documents. Before use, restrict activation to explicit Elastolink requests, avoid pasting long-lived tokens into chat or command arguments, keep .env out of source control and backups, and prefer a safer secret store or per-session environment variable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Intent-Code Divergence

Medium, 95% confidence
Finding
The skill claims the AI does not need to handle token strings, but its workflow explicitly instructs the agent to ask the user for a raw token and pass it on the command line to a script. This creates credential exposure risk because tokens may appear in chat history, process arguments, shell logs, or telemetry, and the contradictory guidance increases the chance the agent mishandles secrets.

Vague Triggers

Medium, 88% confidence
Finding
The trigger conditions are broad enough to activate on generic terms like meeting, 会议, or MCP tools, which can cause the skill to run in unrelated contexts. In a skill that can access local files and meeting service data, unintended activation increases the risk of unnecessary credential prompts, data access, or execution of local scripts without a sufficiently specific user request.

Missing User Warnings

Medium, 93% confidence
Finding
The skill documents automatic token storage in a local .env file but does not clearly warn the user that credentials will be persisted on disk. This is dangerous because users may disclose sensitive API tokens without informed consent, and local persistence can expose credentials to other processes, backups, or users on the same system.

Missing User Warnings

Medium, 88% confidence
Finding
The reference documents tools that list meetings and retrieve meeting details, markdown, and office documents from a remote server, but it does not warn that these operations may expose sensitive meeting content or downloaded documents. In a skill meant to be used by an agent, this omission increases the risk of unreviewed access to confidential business data and accidental disclosure to users or downstream systems.

Missing User Warnings

Medium, 97% confidence
Finding
The script reads a secret from the project's .env file and prints the token directly to stdout, which can expose credentials through terminal history, logs, parent processes, CI output, or other tooling that captures standard output. In the context of an agent skill that can be invoked automatically for MCP/meeting-service operations, this behavior increases the chance of unintended credential disclosure and downstream account or API misuse.

Missing User Warnings

Medium, 92% confidence
Finding
The script stores a bearer token in a project-local .env file in plaintext without any safeguards, warnings, permission hardening, or validation that the file is excluded from source control. If the workspace is shared, backed up, indexed, or accidentally committed, the token can be exposed and reused to access the meeting service.

VirusTotal

64/64 vendors flagged this skill as clean.
