Back to skill
Skillv1.0.0
ClawScan security
Meeting Assistant · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 13, 2026, 3:59 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's requirements and runtime instructions are coherent with a SenseAudio meeting assistant: it only needs a SenseAudio API key and documents how to call SenseAudio endpoints for realtime and offline transcription, diarization, translation, and note generation.
- Guidance
- This skill appears internally consistent and will send meeting audio and transcript data to SenseAudio endpoints using the SENSEAUDIO_API_KEY you provide. Before installing, confirm you trust https://nightly.senseaudio.cn, review its data-retention and privacy policy, and avoid uploading highly sensitive audio unless the vendor's handling meets your requirements. Protect and rotate the API key like any secret. If you need the skill to avoid sending raw audio to an external service, request an offline/local-only workflow or inspect for a local-processing variant.
Review Dimensions
- Purpose & Capability
- okName/description match the required credential and documented endpoints. The single required env var SENSEAUDIO_API_KEY and the referenced API URLs (api.senseaudio.cn / wss://api.senseaudio.cn) are appropriate for a meeting transcription/assistant skill.
- Instruction Scope
- noteSKILL.md and reference files instruct the agent to upload audio, open WebSocket sessions, and persist session identifiers and final segments for summarization. These actions are expected for the stated purpose, but they do involve transmitting user audio and metadata to the SenseAudio service and optionally storing logs/session ids—users should be aware of privacy/retention implications.
- Install Mechanism
- okInstruction-only skill with no install spec or code to write to disk. This is the lowest-risk install model and matches the skill content.
- Credentials
- okOnly one required environment variable (SENSEAUDIO_API_KEY) is declared and used. That credential is necessary and proportionate for calling the documented SenseAudio REST/WebSocket APIs.
- Persistence & Privilege
- okalways is false and the skill does not request any elevated platform privileges or modify other skills. It allows autonomous invocation by default, which is standard for skills and consistent with its purpose.