Zoom Meeting Assistance Rtms Unofficial Community

Security checks across malware telemetry and agentic risk

Overview

This meeting recorder largely does what it says, but it handles very sensitive meeting data through exposed endpoints and weakly scoped controls, so it needs review before installation.

Install only in an environment where everyone understands and consents to recording and AI analysis. Put the webhook behind authentication or a trusted forwarding layer, verify Zoom webhook signatures, restrict the notification toggle endpoint, avoid exposing it broadly, and define retention, deletion, and access controls for the recordings and summaries before using it with real meetings.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (20)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill documentation indicates access to environment secrets and network-facing behavior, including webhook handling and outbound integrations, but no explicit permissions are declared. This creates a transparency and governance gap: operators may enable a skill with broader capabilities than expected, increasing the chance of secret exposure, unintended outbound connectivity, or unsafe deployment in permissive environments.

Tp4

High
Category
MCP Tool Poisoning
Confidence
97% confidence
Finding
The documented behavior materially understates the scope of collection, storage, external processing, and exposed interfaces. In a meeting-capture context, omissions about persisted chat/transcripts/media, external AI processing, and control endpoints are dangerous because users may unknowingly deploy broad surveillance and data-retention functionality without informed consent or appropriate safeguards.

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
The code launches an external local binary (`openclaw`) and passes meeting-derived content to it via subprocess execution. While `execFile` avoids shell injection, this still expands the trust boundary to an arbitrary locally configured executable from `OPENCLAW_BIN`, which may process or exfiltrate sensitive meeting data outside the declared Zoom RTMS workflow. In a meeting-assistance skill handling transcripts, chat, and screenshare context, invoking an unmanaged local agent is more dangerous because the data is highly sensitive and the binary is not constrained or validated here.

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
The webhook handler sends HTTP 200 immediately and then attempts to return a JSON URL-validation response, which means the validation body will not be delivered correctly. In practice this breaks Zoom webhook verification and can disable or undermine the trust boundary for incoming webhook handling, especially in a service that automatically starts recording and processing meeting data on webhook events.

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
The /api/notify-toggle endpoints have no authentication or authorization, so any network-reachable caller can enable or disable outbound notifications. That allows an attacker to suppress alerts, interfere with operator awareness, or abuse the system's notification behavior without needing Zoom access.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README explicitly promotes headless capture of meeting audio, video, transcript, screenshare, chat, and AI analysis, but it does not warn operators about consent, lawful interception, or organizational privacy requirements. In a meeting-recording skill, omission of consent and privacy guidance is dangerous because users may deploy it to covertly capture highly sensitive communications without notifying participants.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The README documents persistent storage of transcripts, chat logs, attendance events, raw audio, video, and AI-generated outputs under recordings/{streamId}/ without warning that these artifacts may contain sensitive personal, business, or regulated data. This increases the chance that operators will retain meeting data indefinitely or insecurely, creating substantial privacy, insider-threat, and breach exposure.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The WhatsApp notification feature is presented as a normal capability without clearly warning that meeting-derived summaries, sentiments, or dialog suggestions may be transmitted to an external third-party messaging platform. Sending derived meeting intelligence off-platform can expose confidential material to unintended recipients, consumer devices, or jurisdictions with different data-handling protections.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
This skill is designed to capture highly sensitive meeting content including audio, video, transcript, screenshare, and chat, yet the description lacks a prominent warning about the breadth and persistence of that collection. In this context, insufficient warning materially increases privacy, compliance, and insider-risk exposure because users may not realize that comprehensive meeting records are retained on disk.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill advertises AI analysis and notifications but does not clearly warn that meeting-derived data may be transmitted to external AI or messaging services. For live meetings, undisclosed third-party transmission is a significant risk because confidential content may leave the local environment and become subject to third-party handling, retention, or misuse.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The code forwards meeting transcripts, user queries, meeting events, and related context to the OpenClaw agent without any visible consent, minimization, or user-facing notice. Because this skill processes live meeting content that may contain confidential business, personal, or regulated information, silent transmission to an external or separately trusted processing component creates a substantial privacy and data-governance risk.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The code writes meeting metadata, including meeting identifiers, operator information, and server details, to disk without any visible disclosure, consent flow, retention control, or access protection in this file. In a meeting-assistance context handling sensitive communications, silent local persistence increases privacy, compliance, and data-exposure risk if the host machine or filesystem is accessed by unauthorized users.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill persists transcripts, chat logs, raw audio/video, screen shares, event logs, and AI-generated summaries to local storage and also sends summaries/notifications externally, but this file shows no user-facing notice, consent gating, data minimization, or retention safeguards. Because the skill's purpose is to capture live meeting content, this materially increases the danger: it handles highly sensitive business and personal communications, so undisclosed storage and onward sharing can create serious privacy, legal, and confidentiality exposure.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The prompt explicitly instructs analysis of all meeting participants' transcript content and emotional dynamics, which is privacy-sensitive processing of potentially personal data without any notice, consent check, minimization, or restriction. In the Zoom RTMS context, this is more dangerous because it operates on live meeting data from multiple people, including participants who may not expect per-user sentiment profiling.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
This function persistently writes raw meeting audio to disk, and there is no evidence in the code path of notice, consent enforcement, retention controls, or access restrictions before recording storage occurs. In the context of a Zoom RTMS meeting assistant that captures live communications, storing raw audio without explicit disclosure and governance creates significant privacy, compliance, and unauthorized-surveillance risk, especially for multi-party meetings across jurisdictions with consent requirements.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
This code persists unique screenshare JPEG frames to disk, which can capture highly sensitive on-screen content such as documents, credentials, chats, or proprietary material. In the context of a Zoom RTMS meeting assistant, this is especially risky because recording and retention of participant screens can create privacy, consent, compliance, and data exposure issues if users are not clearly informed and the storage is not tightly controlled.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The code generates a PDF and text timeline summarizing screenshare content, creating durable derived artifacts that may expose sensitive visual information and meeting activity even after the live session ends. Because this skill is specifically designed to capture and analyze Zoom RTMS streams, the context increases the danger: it systematically transforms transient screenshare data into easily shareable files without any disclosure or demonstrated consent check in this file.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill metadata explicitly advertises capture of audio, video, transcript, screenshare, chat, AI analysis, and WhatsApp notifications, but provides no corresponding disclosure about consent, retention, sharing, or handling of sensitive meeting data. In a meeting-recording context this increases privacy and compliance risk because users may invoke the skill without understanding that highly sensitive communications and content are being collected and forwarded to downstream systems.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The prompt explicitly ingests raw meeting transcripts, attendance/event timelines, and screen-share images, all of which commonly contain highly sensitive business or personal data. Because the skill is designed for automated processing and summarization of this content without any embedded privacy guardrails, consent checks, minimization rules, or warnings about sensitive data handling, it creates a real risk of exposing confidential information to downstream models, logs, notifications, or unauthorized recipients.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
This function persistently writes meeting transcript content, speaker names, and timestamps to local .vtt, .srt, and .txt files without any indication of consent checks, notice, minimization, or access control in this code path. In the context of a Zoom RTMS meeting assistant, this is especially sensitive because it handles real-time communications data that may include confidential business discussions or personal information, so silent storage materially increases privacy, compliance, and data exposure risk.

VirusTotal

64/64 vendors flagged this skill as clean.
