ClawHub

Meeting Minutes Zh

Security checks across malware telemetry and agentic risk

Overview

This is a simple Chinese meeting-minutes formatting skill with no executable code, hidden install steps, credential use, network access, or background behavior.

Safe to install for meeting-minute drafting. Meeting notes can contain confidential business, personnel, or client details, so provide only content you want the agent to process and review generated minutes before saving or sharing them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
87% confidence
Finding
The description is very broad and can cause the skill to activate on loosely related requests without clearly stating what inputs are in scope. In an agent setting, ambiguous routing can lead to unintended handling of sensitive meeting content or inappropriate use when the user wanted a different transformation task.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The usage examples are open-ended and all encourage broad document transformation, but they do not show refusal cases or limits. This increases the chance of over-invocation and accidental processing of content beyond intended meeting-minute generation, especially in automated tool-selection environments.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill declares write access but does not warn that it may create or modify files, which can surprise users and lead to unintended persistence of sensitive meeting summaries. Because meeting minutes often contain confidential project, personnel, or client information, silent writes increase the risk of data exposure or unwanted document changes.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal