v1.0.4

Meeting Assistant

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 1:36 PM.

Analysis

The skill matches its meeting-recording purpose, but it needs review because crafted meeting titles could be interpolated into AppleScript prompts and it installs persistent macOS recording/detection services.

Guidance: Review and preferably patch the osascript prompt-escaping issue before installing. If you proceed, install only from a trusted pinned source, understand the LaunchAgents it creates, grant macOS recording/accessibility/calendar permissions deliberately, keep summaries local unless external sharing is intended, and define how recordings and transcripts will be deleted.

Findings (6)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Unexpected Code Execution
Severity: High | Confidence: High | Status: Concern
scripts/notify.py
script = (f'display dialog "{message}" ' ...)
subprocess.run(["osascript", "-e", script], ...)
...
elif action == "ask_record":
    print(ask_record(sys.argv[2]))

The meeting title is accepted from command-line input and interpolated directly into AppleScript source without escaping before osascript executes it.

User impact: A maliciously crafted calendar event title or meeting/window title could potentially cause the local prompt command to run unintended AppleScript on the user's Mac.
Recommendation: Escape AppleScript string literals or pass user text through osascript argv instead of interpolating it into source; sanitize titles from calendars and windows before displaying prompts.
Rogue Agents
Severity: Medium | Confidence: High | Status: Note
SKILL.md
8. Install LaunchAgent background services

The installer creates persistent macOS background services for the meeting assistant.

User impact: The assistant can keep running in the background to detect meetings and manage recording workflows after setup.
Recommendation: Before installing, confirm which LaunchAgents are created and make sure there is a clear way to disable or uninstall them when no longer needed.
Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
SKILL.md
git clone https://github.com/Nowhitestar/meeting-assistant.git
cd meeting-assistant
bash meeting-assistant/scripts/setup.sh

The documented install path runs a setup script from an unpinned repository checkout.

User impact: The code run during setup could differ over time if the repository changes.
Recommendation: Install from a trusted release or pinned commit, inspect setup.sh before running it, and avoid enabling optional dependencies such as tunnels or external outputs unless needed.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Note
SKILL.md
Calendar authorization uses `gog`; refresh tokens are stored in the system Keychain.

Google Calendar integration uses OAuth refresh tokens and can read configured calendar events.

User impact: If enabled, the skill can access meeting titles, times, links, descriptions, and attendee information from configured calendars.
Recommendation: Use the minimum calendar scope needed, keep OAuth credentials out of chats and repositories, and revoke the OAuth client/token if the skill is removed or compromised.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Medium | Confidence: High | Status: Note
SKILL.md
WAV → transcribe.py → whisper-cli
          ↓
 transcript.txt + summary_request queue
          ↓
 OpenClaw heartbeat agent → final summary.md

Meeting recordings and transcripts are persisted locally and then handed to an agent queue for summarization.

User impact: Private meeting content may remain on disk and be reused by an agent; transcript text from participants should be treated as untrusted data during summarization.
Recommendation: Store recordings/transcripts in a protected directory, define retention/deletion expectations, and ensure the summarizer treats transcript contents as data rather than instructions.
Insecure Inter-Agent Communication
Severity: Medium | Confidence: Medium | Status: Note
scripts/config.example.json
"output": {
  "channel": "file",
  "zulip": { ... },
  "notion": { "api_key_env": "NOTION_API_KEY" },
  "telegram": { "chat_id": "" }
}

The configuration supports optional delivery of meeting outputs to third-party services.

User impact: If configured, meeting summaries may leave the local machine and be sent to chat or workspace services.
Recommendation: Keep the output channel as local file unless external sharing is intended, and verify recipient chat IDs, streams, databases, and API tokens.