Zoho

Pass. Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: zoho
Version: 2.0.2

The skill is classified as suspicious because of its broad API permissions and the explicit instruction to send potentially sensitive meeting audio recordings to the Google Gemini API for transcription, as described in `SKILL.md`, `README.md`, and `scripts/standup-summarizer.sh`. This functionality is openly declared and requires the user's own `GEMINI_API_KEY`, but transmitting private meeting content to a third-party service is a significant data-privacy and exfiltration risk if the user has not fully understood and consented to it. In addition, the `zoho raw GET` command documented in `SKILL.md` lets the AI agent issue arbitrary read requests against any endpoint covered by the granted scopes, which enlarges the surface a misdirected agent could misuse.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If misused, the agent could read or change large parts of the user's Zoho business data, and printed tokens could expose account access.

Why it was flagged

The skill requests broad offline Zoho permissions and documents a command that prints an access token, creating both overbroad account authority and a risk that tokens appear in agent logs or chat output.

Skill content
zoho token         # Print current access token (auto-refreshes) ... scope=ZohoCRM.modules.ALL,ZohoCRM.settings.ALL,ZohoProjects.projects.ALL,ZohoProjects.tasks.ALL ... access_type=offline ... Save the refresh_token — this is your long-lived credential.
Recommendation

Use the smallest Zoho scopes needed, avoid printing tokens in agent-visible contexts, rotate tokens if exposed, and require explicit confirmation for write or delete actions.
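The three parts of that recommendation can be enforced in the wrapper that sits between the agent and the CLI. The following is an added example, not code from the zoho skill or from ClawScan. It assumes the CLI is invoked as `zoho raw <METHOD> <path>` (pointed to by `ZOHO_BIN`), that the narrower scope names in `ALLOWED_SCOPES` are what a reviewed deployment would request instead of the `*.ALL` scopes the skill asks for, and that a human sets `ZOHO_CONFIRM_WRITES=yes` for a single invocation to approve a write or delete; all three are assumed conventions.

```shell
#!/bin/sh
# Added example; not code from the zoho skill or from ClawScan.
# Assumed conventions: the CLI is called as `zoho raw <METHOD> <path>` (ZOHO_BIN
# points at it), and everything the agent sees passes through redact_tokens.
set -u

ZOHO_BIN=${ZOHO_BIN:-zoho}

# Narrow scope allowlist (assumed names; the skill itself requests *.ALL).
ALLOWED_SCOPES="ZohoCRM.modules.leads.READ ZohoCRM.modules.contacts.READ ZohoProjects.tasks.READ"

# check_scopes "a,b,c" -> 0 if every requested scope is on the allowlist.
check_scopes() {
  for s in $(printf '%s' "$1" | tr ',' ' '); do
    case " $ALLOWED_SCOPES " in
      *" $s "*) ;;
      *) echo "scope not allowed: $s" >&2; return 1 ;;
    esac
  done
  return 0
}

# redact_tokens: filter stdin, masking Zoho-oauthtoken headers, access/refresh
# tokens in JSON or query strings, and Gemini-style ?key= parameters, so the
# `zoho token` output or a raw API response never lands in a chat transcript.
redact_tokens() {
  sed -E \
    -e 's/(Zoho-oauthtoken )[^"[:space:]]+/\1[REDACTED]/g' \
    -e 's/((access|refresh)_token"?[=:] *"?)[^"&[:space:]]+/\1[REDACTED]/g' \
    -e 's/([?&]key=)[^&"[:space:]]+/\1[REDACTED]/g'
}

# guard_method METHOD -> 0 if the call may proceed. Reads are allowed;
# writes and deletes need ZOHO_CONFIRM_WRITES=yes, set by a human for this
# invocation (assumed convention), and everything else is refused.
guard_method() {
  m=$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')
  case "$m" in
    GET|HEAD|OPTIONS) return 0 ;;
    POST|PUT|PATCH|DELETE)
      if [ "${ZOHO_CONFIRM_WRITES:-}" = "yes" ]; then return 0; fi
      echo "refusing $m without confirmation (set ZOHO_CONFIRM_WRITES=yes)" >&2
      return 1 ;;
    *) echo "unknown method: $m" >&2; return 1 ;;
  esac
}

# zoho_raw METHOD PATH: gated, redacted wrapper around `zoho raw`.
# Note: the pipeline's exit status is sed's; use `set -o pipefail` where the
# shell supports it if the CLI's own failures must propagate.
zoho_raw() {
  guard_method "$1" || return 1
  "$ZOHO_BIN" raw "$1" "$2" | redact_tokens
}
```

Scope checking belongs at authorization time (before the consent URL is built), the method gate and redaction at every call; a compromised agent that can only reach `zoho_raw` still cannot read the raw token or mutate CRM records without a human setting the confirmation variable.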

What this means

The skill may fail, or users may end up relying on an unreviewed or path-provided Zoho CLI for sensitive OAuth and business-data operations.

Why it was flagged

The provided package manifest does not include bin/zoho, while the README, SKILL.md, skill.json, and script rely on that CLI for token refresh and API calls.

Skill content
No install spec — this is an instruction-only skill. ... File manifest 7 file(s): README.md, SKILL.md, references/crm-api.md, references/meeting-api.md, references/projects-api.md, scripts/standup-summarizer.sh, skill.json
Recommendation

Do not install for production use until the required bin/zoho executable is included, reviewed, versioned, and its source/checksum is clear.
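Until the CLI ships with the skill, the safest stance is to refuse any `zoho` executable whose SHA-256 is not the one you reviewed. The following is an added example, not code from the zoho skill or from ClawScan: it prefers the skill's own `bin/zoho` over whatever is first on `PATH`, and accepts a candidate only if it is a regular executable file with the pinned digest. `SKILL_DIR` and the idea of a pinned digest are assumptions; the digest value itself must come from your own review of the binary, not from this page.

```shell
#!/bin/sh
# Added example; not code from the zoho skill or from ClawScan.
# Refuse to use a path-provided `zoho` CLI unless it matches a pinned SHA-256.
# The pinned digest must come from a reviewed build or the author's release
# notes; SKILL_DIR (the unpacked skill directory) is an assumed convention.
set -u

# sha256_of FILE -> hex digest, using whichever tool the host provides.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# verify_pinned_cli PATH EXPECTED_SHA256 -> 0 only if PATH is a regular,
# executable file whose digest equals EXPECTED_SHA256.
verify_pinned_cli() {
  f=$1; want=$2
  [ -f "$f" ] || { echo "not a regular file: $f" >&2; return 1; }
  [ -x "$f" ] || { echo "not executable: $f" >&2; return 1; }
  have=$(sha256_of "$f")
  if [ "$have" != "$want" ]; then
    echo "checksum mismatch for $f: have $have want $want" >&2
    return 1
  fi
  return 0
}

# resolve_zoho_cli EXPECTED_SHA256 -> prints the path to use, trying the
# skill's own bin/zoho first and a PATH-provided `zoho` second; fails if
# neither matches the pinned digest, so an unreviewed binary is never run.
resolve_zoho_cli() {
  want=$1
  skill_dir=${SKILL_DIR:-.}
  for cand in "$skill_dir/bin/zoho" "$(command -v zoho 2>/dev/null || true)"; do
    [ -n "$cand" ] || continue
    if verify_pinned_cli "$cand" "$want" 2>/dev/null; then
      printf '%s\n' "$cand"
      return 0
    fi
  done
  echo "no zoho CLI matching pinned digest $want" >&2
  return 1
}
```

Wire `resolve_zoho_cli` into whatever launches the skill (for example, `ZOHO_BIN=$(resolve_zoho_cli "$PINNED_SHA256") || exit 1` before the summarizer runs) so that the token-refresh and API-call paths cannot silently fall back to an unknown binary.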

What this means

A user reviewing only install metadata may believe the skill needs no credentials, while actual use requires powerful account secrets.

Why it was flagged

This registry-level credential contract conflicts with the skill's documented need for Zoho client secrets, a refresh token, org IDs, and optionally a Gemini API key.

Skill content
Required env vars: none; Env var declarations: none; Primary credential: none
Recommendation

Update the registry metadata to declare the Zoho and Gemini credentials and clearly label which are required, optional, and secret.

What this means

Meeting recordings may contain confidential business, customer, or employee information that leaves Zoho/local storage and is processed by Google.

Why it was flagged

The standup summarizer extracts meeting audio and uploads it to Google's Gemini API for transcription.

Skill content
curl -s -X POST "https://generativelanguage.googleapis.com/upload/v1beta/files?key=${GEMINI_API_KEY}" ... --data-binary "@${WAV_FILE}"
Recommendation

Use this only with meeting-participant and organizational approval, review Google/Gemini retention policies, and consider per-meeting opt-in or redaction.

Note (High Confidence)
ASI10: Rogue Agents
What this means

If configured as a cron job, the skill repeatedly downloads and transcribes the day's recordings without a fresh user prompt for each run.

Why it was flagged

The documentation encourages scheduled background execution of the summarizer.

Skill content
Works great as a cron job for automated daily standups.
Recommendation

Schedule it only intentionally, log its runs, limit which recordings it processes, and disable the cron job when no longer needed.
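The per-meeting opt-in recommended for the Gemini upload above and the "log its runs, limit which recordings it processes" recommendation for the cron job are the same control seen from two sides: a gate the summarizer runs before it fetches or uploads anything. The following is an added example, not code from the zoho skill or from ClawScan. It assumes an allowlist file of approved meeting IDs (one per line) and an append-only run log; `TRANSCRIBE` stands in for the skill's download-and-upload step and defaults to `false`, so nothing leaves the host unless it is explicitly configured. All of these names are assumptions.

```shell
#!/bin/sh
# Added example; not code from the zoho skill or from ClawScan.
# Assumptions: MEETING_ALLOWLIST is a file of approved meeting IDs, one per
# line (the per-meeting opt-in), and RUN_LOG is an append-only record of what
# the summarizer did with each recording, so a cron run can be audited and
# never re-uploads a recording it already transcribed.
set -u
MEETING_ALLOWLIST=${MEETING_ALLOWLIST:-./approved-meetings.txt}
RUN_LOG=${RUN_LOG:-./summarizer-runs.log}

# record_run MEETING_ID STATUS: append a timestamped line to the run log.
record_run() {
  printf '%s meeting=%s status=%s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$1" "$2" >>"$RUN_LOG"
}

# meeting_approved ID -> 0 if ID appears as a whole line in the allowlist.
meeting_approved() {
  grep -qxF -- "$1" "$MEETING_ALLOWLIST" 2>/dev/null
}

# already_processed ID -> 0 if a previous run completed this meeting.
already_processed() {
  grep -qF -- " meeting=$1 status=done" "$RUN_LOG" 2>/dev/null
}

# should_process ID -> 0 only for a well-formed, opted-in meeting that has not
# been transcribed before; every refusal is logged with its reason.
should_process() {
  id=$1
  case "$id" in
    ""|*[!A-Za-z0-9_-]*) echo "rejecting malformed meeting id" >&2; return 1 ;;
  esac
  if ! meeting_approved "$id"; then record_run "$id" skipped-not-approved; return 1; fi
  if already_processed "$id"; then record_run "$id" skipped-duplicate; return 1; fi
  return 0
}

# process_recording ID: run the gate, then the transcription step, and mark
# the meeting done only if that step succeeded. TRANSCRIBE is a command that
# takes the meeting id; it stands in for the skill's download+upload step
# (assumed hook) and defaults to `false` so an unconfigured cron job uploads nothing.
process_recording() {
  should_process "$1" || return 1
  if ${TRANSCRIBE:-false} "$1"; then
    record_run "$1" done
  else
    record_run "$1" failed
    return 1
  fi
}
```

The ID check rejects anything that could be used as a path component, the allowlist is matched as a whole line so `mtg-1` does not approve `mtg-10`, and a meeting is only marked `done` after the upload step returns success, so a failed run is retried next time while a completed one is never sent to Gemini twice. Disabling the cron job then reduces to emptying the allowlist.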