Zoom Meetings
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: zoom-meeting Version: 1.1.5 The zoom-meeting skill bundle is a standard implementation for managing Zoom meetings via the official Zoom REST API. The Python script (scripts/zoom_api.py) correctly implements Server-to-Server OAuth and standard CRUD operations without any signs of data exfiltration, obfuscation, or malicious execution. The instructions in SKILL.md are aligned with the stated purpose and do not contain prompt-injection attacks.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone using the skill should understand that it can act on the configured Zoom account, including listing, creating, retrieving, and deleting meetings.
The skill uses local Zoom Server-to-Server OAuth credentials, which is expected for Zoom API access but gives the skill delegated authority over Zoom meetings.
**Credentials location:** `~/.openclaw/credentials/zoom.json`
Use a Zoom app with the minimum required scopes, protect the credential file, and only enable this skill where meeting-management actions are appropriate.
If the agent misunderstands a request, it could cancel the wrong Zoom meeting.
Deleting meetings is a user-visible account mutation. This is part of the stated purpose, but the instructions do not require an explicit confirmation before deletion.
### 4. delete_meeting Delete a Zoom meeting.
Ask for explicit confirmation before deleting a meeting, especially when the request is ambiguous or the meeting ID was inferred.
Participants may be able to join before the host and without waiting-room admission, which may be inappropriate for sensitive meetings.
New meetings are created with join-before-host enabled and waiting room disabled. This is not hidden, but it is a meeting-security-relevant default.
"settings": {
"join_before_host": True,
"mute_upon_entry": False,
"waiting_room": False
}Review and adjust the default meeting security settings before using this skill for confidential or public meetings.
The skill may fail or rely on packages already present in the environment, and users have less clarity about dependency installation.
The skill references Python dependencies, but the supplied install specifications say there is no install spec. This is an under-declared setup detail rather than evidence of malicious behavior.
- `requests` - For HTTP requests to Zoom API - `pytz` - For timezone conversions (installed automatically)
Declare dependencies and installation steps explicitly, preferably with pinned package versions.