AI会议纪要生成器Pro

Security checks across malware telemetry and agentic risk

Overview

This skill is a purpose-aligned meeting-minutes helper, but users should treat meeting audio and transcripts as sensitive because the docs mention external AI APIs.

Install only if you are comfortable reviewing or trusting the separately referenced Node implementation. Do not process confidential, regulated, or private meeting recordings unless participants and your organization allow sending that content to the configured transcription and GPT providers.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The README states that meeting audio is processed using external services such as Whisper API and GPT API, but it does not warn users that potentially sensitive meeting content may be transmitted to third-party providers. For a meeting-minutes skill, this is especially risky because recordings and transcripts often contain confidential business, HR, legal, or personal information, so users may unknowingly expose sensitive data.

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill explicitly handles meeting recordings and transcripts, which commonly contain personal data, confidential business discussions, credentials, and other sensitive content. Omitting any warning or handling guidance can cause users to process sensitive material without understanding privacy, retention, or disclosure risks, increasing the chance of accidental data exposure.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal