Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Open Utter (Meeting Bot)
v1.0.1
Headless Google Meet bot that joins meetings and captures live captions as transcripts.
⭐ 0· 381·1 current·1 all-time
by Suman Sigdel (@sumansid)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidence
Purpose & Capability
The name/description (headless Google Meet bot capturing captions) matches the included scripts and runtime instructions. Node + Playwright automation is expected. However, the skill reads/writes several home-directory files (e.g. ~/.openutter/auth.json, ~/.openutter/auth-meta.json, ~/.openclaw/workspace/openutter/...) but the registry metadata declared no required config paths or credentials — the manifest omits these important local filesystem dependencies.
Instruction Scope
SKILL.md explicitly instructs the agent to read ~/.openutter/auth-meta.json before asking the user, to always pass channel/target so the bot can 'send screenshots and status images directly to the user's chat', and to run background processes. The instructions permit reading/writing session files and transcripts and call external commands (openclaw message send). Reading local session state and sending meeting content to a chat are within the skill purpose, but the explicit reading of a private auth-meta.json and the requirement that channel/target be supplied are broad actions that should be disclosed in the manifest.
Install Mechanism
There is no install spec and the skill is instruction-plus-scripts only (no network downloads). That lowers install risk; the scripts expect playwright-core (not auto-installed here) and instruct how to run them. No external downloads or extract steps are present.
Credentials
The skill requests no environment variables or credentials in the registry, but the code persists and reads highly sensitive local artifacts: ~/.openutter/auth.json (Playwright storageState) contains Google cookies/localStorage (session tokens), and auth-meta.json stores the saved account email and timestamp. Those are effectively credentials allowing the bot to join meetings as an authenticated user. The manifest should have declared these config paths and the credential-like nature of auth.json. The bot also writes transcripts and screenshots to ~/.openclaw/workspace/openutter/ which can contain sensitive meeting content.
Persistence & Privilege
The skill is a long-running background process (utter-join stays in meetings), writes a PID file and persistent profile/auth files, and supports signaling for on-demand screenshots. It does not set always:true or modify other skills' configs, but its persistent Google session and long-running nature increase the blast radius if the code is malicious or compromised.
What to consider before installing
This skill does what it claims, but it stores and reads sensitive local session data (Playwright storageState in ~/.openutter/auth.json and auth-meta.json) that let the bot join as your Google account without host approval. The registry metadata did not declare these config paths or the persistent credential-like file. Before installing:
1) Only use --auth (authenticated mode) if you fully trust the skill's source — otherwise prefer guest mode (--anon) so nothing stores your Google session.
2) Inspect the scripts yourself (they're included) and consider running them in an isolated VM or container.
3) If you authenticate, be aware auth.json contains cookies/localStorage; delete it when done or restrict its filesystem permissions.
4) The skill sends screenshots and messages using the local openclaw CLI when given a channel/target; confirm you want meeting screenshots/transcripts forwarded to chat.
5) If you need higher assurance, ask the publisher to declare the required config paths and explain how auth.json is protected, or prefer a skill that does not persist your Google credentials.
Like a lobster shell, security has layers — review code before you run it.
latest: vk9702khct5y4neqvag6vcsz4tx824ppq
Runtime requirements
🦦 Clawdis
Bins: node
