Smart Meeting Assistant

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims, but it sends meeting audio and transcripts to a configured external API, so users should treat meeting content as shared with that provider.

Install only if you are comfortable sending selected meeting recordings and transcripts to the configured AstronClaw API endpoint. Verify ASTRONCLAW_API_BASE, protect the API key, get any needed participant consent, and avoid using it for highly confidential meetings unless the provider terms and retention policy are acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Tainted flow: 'url' from os.environ.get (line 180, credential/environment) → requests.post (network output)

Critical
Category
Data Flow
Content
    data = {"model": "whisper-1", "language": language}
    headers = {"Authorization": f"Bearer {API_KEY}"} if API_KEY else {}
    
    response = requests.post(url, files=files, data=data, headers=headers)
    
    if response.status_code != 200:
        raise Exception(f"转写失败: {response.status_code} - {response.text}")
Confidence
94% confidence
Finding
response = requests.post(url, files=files, data=data, headers=headers)

Tainted flow: 'url' from os.environ.get (line 180, credential/environment) → requests.post (network output)

Critical
Category
Data Flow
Content
        "temperature": 0.3,
    }
    
    response = requests.post(url, json=payload, headers=get_headers())
    
    if response.status_code != 200:
        raise Exception(f"生成纪要失败: {response.status_code} - {response.text}")
Confidence
93% confidence
Finding
response = requests.post(url, json=payload, headers=get_headers())

Tainted flow: 'url' from os.environ.get (line 180, credential/environment) → requests.post (network output)

Critical
Category
Data Flow
Content
        "response_format": {"type": "json_object"},
    }
    
    response = requests.post(url, json=payload, headers=get_headers())
    
    if response.status_code != 200:
        raise Exception(f"提取待办失败: {response.status_code} - {response.text}")
Confidence
93% confidence
Finding
response = requests.post(url, json=payload, headers=get_headers())

Lp3

Medium
Category
MCP Least Privilege
Confidence
96% confidence
Finding
The skill documentation shows capabilities requiring environment access, file read/write, and network access, but it does not declare any permissions or clearly scope those capabilities. This creates a transparency and governance gap: users and platform controls may not understand that the skill can access local files, use API keys from the environment, and send meeting data to an external service.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The skill instructs users to configure an external API and process meeting recordings, but it does not warn that meeting audio and derived transcripts may be transmitted to a third-party service. Because meeting recordings often contain sensitive business or personal information, this omission can lead to unintentional disclosure of confidential data and non-compliance with privacy or consent requirements.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The skill transmits audio and later transcript-derived meeting content to an external API without clear upfront notice or consent gating. In a meeting-assistant context, the data is likely to contain sensitive business discussions, personal information, or regulated content, so silent transmission materially increases privacy and compliance risk.

Ssd 3

Medium
Confidence
90% confidence
Finding
The tool forwards full transcripts verbatim to the LLM for summarization and todo extraction, exposing all participant statements, names, and possibly confidential details to a third-party processor. In this skill's context, that is especially sensitive because meeting transcripts often contain internal strategy, HR, legal, or customer data.

Ssd 3

Medium
Confidence
88% confidence
Finding
The prompt explicitly requests contextual excerpts for each todo item, which encourages the model to reproduce additional sensitive transcript content beyond what is necessary to track actions. This increases the amount of confidential information stored in outputs and widens downstream exposure.

VirusTotal

VirusTotal findings are pending for this skill version.
