AI会议纪要生成器

Security checks across malware telemetry and agentic risk

Overview

This skill is a purpose-aligned meeting-minutes helper, but users should understand that meeting content may go to external AI APIs and the referenced Node script is not included in the reviewed package.

Before installing or using this skill, verify the missing scripts/minutes.mjs implementation from a trusted source. Do not process confidential, regulated, or consent-sensitive meeting recordings unless you are comfortable with the relevant AI provider handling, retention, and access terms.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The README states that audio transcription uses external APIs such as Whisper and GPT, but it does not warn users that meeting recordings or transcripts may be transmitted to third-party services. For a meeting-minutes skill, inputs often contain sensitive business, personal, or confidential information, so lack of disclosure can lead to unintended data exposure and privacy/compliance issues.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal