ClawHub

Granola Meeting Transcripts

v1.0.0

Access Granola meeting transcripts and notes.

3· 2.2k·8 current·8 all-time
by@scald
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (Granola meeting transcripts) align with the instructions to call a sync script and store meetings locally. However, the skill implicitly requires the Granola auth file at a macOS-specific path (~/Library/Application Support/Granola/supabase.json) even though the registry metadata lists no required config paths or credentials — that mismatch is noteworthy.
!
Instruction Scope
SKILL.md explicitly instructs running scripts/sync.py and reading a local supabase.json auth file. Reading that auth file is within the apparent purpose (to authenticate to Granola), but the instructions do not declare this config dependency in the manifest and do not show what the sync script does with the tokens (where it sends API requests, error handling, logging, or whether any data is forwarded elsewhere).
Install Mechanism
No install spec (instruction-only) — lowest install risk. SKILL.md asks the user to pip install 'requests' and run the provided Python script; that is a low-risk, typical dependency request. There is no remote download or archive extraction in the manifest.
!
Credentials
The skill requires access to a local auth file containing tokens but the manifest declares no required env vars or config paths. Access to a supabase.json with auth tokens is sensitive and should have been declared; the absence of declared credentials/config paths makes it unclear what secrets will be read and how they are used.
Persistence & Privilege
The skill itself is not marked 'always' and model invocation is not disabled. SKILL.md recommends setting up an automated clawdbot_cron job to run the sync periodically — that is a user-configured persistence mechanism (manual action by the user) rather than an implicit skill-level privilege, but it does increase how often the machine and tokens will be accessed if installed.
What to consider before installing
This skill appears to do what it says (sync Granola meetings), but it reads a macOS auth file (~/Library/Application Support/Granola/supabase.json) that contains tokens. Before installing or scheduling the cron job: (1) open and review scripts/sync.py to confirm it only calls Granola/Supabase endpoints and does not exfiltrate data to unknown hosts; (2) ensure you are comfortable with the script having read access to supabase.json (back up and inspect that file first); (3) prefer running the script manually once to observe network activity, or run it in a restricted environment; (4) ask the publisher to update the manifest to declare the required config path/credentials and to document exactly which endpoints the script contacts. If you cannot inspect the script or get clarification, treat this as higher-risk and avoid installing or scheduling automatic sync.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🥣 Clawdis
Binspython3
latestvk979nnxqyqxk22g5f0yrndd8w57yqxrt
2.2kdownloads
3stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
@scald
latest
Download

granola

Access Granola meeting transcripts, summaries, and notes.

Setup

Granola stores meetings in the cloud. To access them locally:

  1. Install dependencies:
pip install requests
  1. Run initial sync:
python ~/path/to/clawdbot/skills/granola/scripts/sync.py ~/granola-meetings
  1. Set up automatic sync via clawdbot cron:
clawdbot_cron({
  action: "add",
  job: {
    name: "Granola Sync",
    description: "Sync Granola meetings to local disk",
    schedule: { kind: "cron", expr: "0 */6 * * *", tz: "America/New_York" },
    sessionTarget: "isolated",
    wakeMode: "now",
    payload: {
      kind: "agentTurn",
      message: "Run the Granola sync: python {skillsDir}/granola/scripts/sync.py ~/granola-meetings",
      deliver: false
    }
  }
})

The sync script reads auth from ~/Library/Application Support/Granola/supabase.json (created when you sign into Granola on macOS).

Data Structure

After sync, each meeting is a folder:

~/granola-meetings/
  {meeting-id}/
    metadata.json   - title, date, attendees
    transcript.md   - formatted transcript  
    transcript.json - raw transcript data
    document.json   - full API response
    notes.md        - AI summary (if available)

Quick Commands

List recent meetings:

for d in $(ls -t ~/granola-meetings | head -10); do
  jq -r '"\(.created_at[0:10]) | \(.title)"' ~/granola-meetings/$d/metadata.json 2>/dev/null
done

Search by title:

grep -l "client name" ~/granola-meetings/*/metadata.json | while read f; do
  jq -r '.title' "$f"
done

Search transcript content:

grep -ri "keyword" ~/granola-meetings/*/transcript.md

Meetings on a specific date:

for d in ~/granola-meetings/*/metadata.json; do
  if jq -e '.created_at | startswith("2026-01-03")' "$d" > /dev/null 2>&1; then
    jq -r '.title' "$d"
  fi
done

Notes

  • Sync requires the Granola desktop app to be signed in (for auth tokens)
  • Tokens expire after ~6 hours; open Granola to refresh them
  • macOS only (auth file path is macOS-specific)
  • For multi-machine setups, sync on one machine and rsync the folder to others

Comments

Loading comments...