ClawHub

Zoho

Security checks across malware telemetry and agentic risk

Overview

This Zoho skill is mostly purpose-aligned, but it needs review because it grants broad long-lived Zoho access, can change or delete business data, and can send meeting recordings to Google Gemini.

Install only after confirming you trust the publisher and have reviewed the missing zoho CLI wrapper source. Use a dedicated least-privilege Zoho OAuth app, request only needed scopes, protect the refresh token, require explicit confirmation before CRM or Projects writes/deletes, and run the Gemini meeting summarizer only for recordings whose participants and organization have approved third-party transcription.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The script is designed to extract Zoho Meeting recordings and send their audio content to Google's Gemini API for transcription, creating a cross-boundary transfer of potentially sensitive meeting data to a third party. In the context of a Zoho-focused skill, this materially expands data exposure and can violate least-privilege, privacy expectations, and organizational data handling rules even if done for a functional purpose.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The code uploads extracted meeting audio and generated content requests to Gemini, which exceeds a narrow Zoho integration scope and introduces unauthorized external processing of meeting content. Because recordings may contain internal discussions, credentials, customer data, or business strategy, this behavior creates a meaningful confidentiality and compliance risk.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The README promotes automated downloading and transcription of meeting recordings, including cron-based unattended execution, but does not clearly warn users that recordings may contain sensitive personal, business, or regulated data. Because the workflow also sends content to an external transcription provider, users may unknowingly create privacy, consent, retention, and cross-border data transfer risks.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The trigger language includes very common business terms like projects, tasks, milestones, meetings, and recordings, which may cause the skill to activate in unrelated contexts. Overbroad invocation is dangerous here because the skill supports authenticated API access and potentially destructive or privacy-sensitive operations.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The documentation includes a direct delete command for CRM records without any warning, dry-run mode, or confirmation guidance. In an agent context, this raises the likelihood of accidental destructive actions against production CRM data with immediate business impact.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The meeting workflow describes downloading recordings, extracting audio, transcribing content, and summarizing it without any privacy, consent, retention, or third-party sharing notice. Because meeting recordings often contain confidential or regulated information, this can lead to unauthorized disclosure and compliance violations.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script silently transfers meeting recordings to Gemini without any user-facing warning, consent, or confirmation step. That makes accidental disclosure more likely because operators may assume the skill remains within Zoho while the script actually exports raw meeting content and transcripts externally.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal