ClawHub

Tencent Meeting Export

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a straightforward Tencent Meeting transcript exporter that saves requested meeting data locally, with privacy caveats but no hidden exfiltration or persistence.

Install only if you are authorized to access and export the meeting. Treat generated Markdown or JSON files as sensitive because they may include speaker names, transcript text, summaries, meeting codes, and event history; save them in a secure location and avoid syncing or sharing them unless permitted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
This skill exports meeting transcripts, summaries, chapters, and event data to local Markdown or JSON files, which may contain sensitive business or personal information. Without a clear warning, users may unintentionally persist confidential meeting content to disk, increasing the risk of unauthorized local access, syncing to cloud drives, or accidental sharing.

Missing User Warnings

Medium
Confidence
85% confidence
Finding
The script exports full meeting transcripts, speaker identities, summaries, and event data directly to local Markdown/JSON files without any consent, privacy warning, redaction option, or confirmation step. In this skill's context, the data is inherently sensitive meeting content, so silently persisting it increases the risk of accidental disclosure, mishandling, or retention of personal and confidential business information.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal