ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

AI会议纪要生成器Pro

v1.0.0

AI 会议纪要生成器 - 自动整理会议录音或文字记录,生成结构化会议纪要。支持提取待办事项、决策点、关键结论,输出专业格式的会议文档。

0· 76·0 current·0 all-time
by@ryan-wuxl·duplicate of @ryan-wuxl/ai-meeting-minutes
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill describes running node scripts (scripts/minutes.mjs) and using Whisper and GPT APIs. The manifest requires only 'node' and there are no code files included. Requiring node without including the scripts (or instructions to fetch them) is inconsistent with the stated functionality.
Instruction Scope
SKILL.md shows example CLI invocations (node scripts/minutes.mjs --audio/--input) that are narrowly scoped to processing local files. It does not instruct reading unrelated system files or env vars. However README states external services (Whisper/GPT) will be used but provides no details on endpoints, credentials, or what data is sent to those services.
Install Mechanism
No install spec and no code files — instruction-only — so nothing will be downloaded or written during install. This is the lowest install risk, but also means required runtime artifacts are missing.
!
Credentials
The README lists Whisper API and GPT API as components, which normally require API keys or credentials, but the skill declares no required environment variables or primary credential. Missing declared credentials is disproportionate and unexplained.
Persistence & Privilege
always is false and there are no config paths or persistence requests. The skill does not request elevated or permanent privileges.
What to consider before installing
Do not install or run this skill until you verify the missing pieces. Ask the publisher for the actual scripts (scripts/minutes.mjs) and a clear explanation of which external services (Whisper, OpenAI GPT, or others) are called and what credentials they require. Do not supply API keys or secrets until you confirm the code and endpoints. If you must test it, run it in an isolated environment and inspect the scripts for network calls and where data is sent. If the author intends the skill to call external APIs, they should declare required environment variables (API keys) and include or point to the code; the current mismatch is suspicious.

Like a lobster shell, security has layers — review code before you run it.

latestvk97aypqsrjs3xpaews9qz161sh83a4t4

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📝 Clawdis
Binsnode

Comments