Back to skill

Security audit

Granola Meeting Transcripts

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims: it syncs Granola meeting data to local files using the user's existing Granola desktop login, which is sensitive but disclosed and purpose-aligned.

Install only if you are comfortable with a local script using your signed-in Granola desktop session to download meeting history. Store the output folder in a protected location, avoid placing it in shared or broadly synced folders, and enable the cron job only if you want ongoing background updates.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill documentation instructs users to run a Python sync script that performs network access and writes meeting data to local disk, but the skill declares no corresponding permissions. This creates a transparency and trust problem: users and reviewing systems are not clearly informed that the skill can exfiltrate cloud data to local storage and repeatedly sync it via automation.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill promotes syncing meeting transcripts, summaries, notes, and full API responses from a cloud service to local folders without any privacy warning or handling guidance. Meeting artifacts often contain sensitive business, personal, or regulated information, so silently normalizing bulk local storage increases the risk of unintended disclosure, insecure sharing, backup propagation, or access by other local processes/users.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The script exports highly sensitive meeting content, attendee information, transcripts, and notes to local disk and also retrieves that data from a remote service using a locally harvested access token, but it provides only minimal usage text and no meaningful privacy or consent warning. In a meeting-transcript skill, this context increases risk because the data commonly contains confidential business discussions and personal information, so silent bulk sync to a default directory can expose users to accidental disclosure.

Credential Access

High
Category
Privilege Escalation
Content
def get_token():
    """Get access token from Granola's local auth file."""
    if not SUPABASE_PATH.exists():
        print(f"Error: Auth file not found at {SUPABASE_PATH}")
        print("Make sure Granola is installed and you're signed in.")
Confidence
96% confidence
Finding
access token

Credential Access

High
Category
Privilege Escalation
Content
token = tokens.get("access_token")
    
    if not token:
        print("Error: No access token found. Try signing into Granola again.")
        sys.exit(1)
    
    # Check expiration
Confidence
97% confidence
Finding
access token

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.