Back to skill
Skillv1.0.2
ClawScan security
Meeting Summarizer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 14, 2026, 7:54 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's requirements, instructions, and dependencies align with its stated purpose (SenseAudio meeting transcription) and request only a single API key plus common Python libraries.
- Guidance
- This skill appears coherent for using SenseAudio to transcribe meetings. Before installing: 1) Only provide the SenseAudio API key (SENSEAUDIO_API_KEY); do not reuse highly privileged keys if you can issue a restricted key. 2) Confirm you trust https://senseaudio.cn and are comfortable sending audio/transcripts to that service (transcripts can contain sensitive data). 3) Be aware the skill will install Python packages requests and websockets (normal for this use). 4) If you want LLM-based summaries, provide a separate LLM credential as recommended; the skill will not assume other provider keys. If you want extra assurance, review your API key permissions/rotation policy and inspect network traffic or environment handling in your runtime before granting the key.
Review Dimensions
- Purpose & Capability
- okName/description, required binary (python3), required env var (SENSEAUDIO_API_KEY), and declared install packages (requests, websockets) match a Python-based client for SenseAudio ASR. Nothing requested appears unrelated to meeting transcription.
- Instruction Scope
- okSKILL.md instructs the agent to read only the SENSEAUDIO_API_KEY, call SenseAudio HTTP and WebSocket endpoints, and perform local transcript summarization. It does not instruct reading unrelated files, other env vars, or posting data to third-party endpoints beyond the documented SenseAudio API.
- Install Mechanism
- okInstall spec only lists common Python packages (requests, websockets). There are no arbitrary URL downloads or archive extraction steps; risk from installation is low and proportional to a Python helper.
- Credentials
- okOnly a single credential (SENSEAUDIO_API_KEY) is required and used as the Bearer token for SenseAudio API calls; this is appropriate for the stated functionality and is explained in the docs.
- Persistence & Privilege
- okSkill is not marked always:true, does not request system-wide config changes, and is instruction-only (no bundled code modifying other skills). Autonomous invocation is allowed (platform default) but not combined with other concerning privileges.