Zoom Meeting Assistance Rtms Unofficial Community

Pass. Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: zoom-meeting-assistance-with-rtms-unofficial-community-skill
Version: 0.1.3

The skill is classified as suspicious due to its use of `child_process.execFile` and `child_process.exec` in `chatWithClawdbot.js`, `convertMeetingMedia.js`, and `muxMixedAudioAndActiveSpeakerVideo.js` to execute external binaries (`openclaw` and `ffmpeg`). While these are used for the stated purpose of AI processing and media conversion, they represent broad capabilities that could be exploited if the `OPENCLAW_BIN` environment variable is compromised or if the `openclaw` CLI itself has vulnerabilities. Additionally, the skill employs extensive prompt engineering in files like `summary_prompt.md` and `query_prompt.md` to strictly control the AI agent's output format and behavior, which, while intended for functionality, highlights a significant prompt injection attack surface against the AI agent.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Meeting audio, video, transcripts, or screenshare data could be exposed or tampered with by an attacker able to intercept or impersonate the media endpoint.

Why it was flagged

The media WebSocket is created with certificate verification disabled while the skill handles Zoom meeting media.

Skill content
const mediaWs = new WebSocket(mediaUrl, { rejectUnauthorized: false });
Recommendation

Do not disable TLS verification for Zoom/media connections. Validate certificates normally and only use a narrowly justified, documented exception if absolutely required.

What this means

If the webhook endpoint is reachable, a non-Zoom caller may be able to trigger start/stop processing, make the service connect to supplied URLs, create recordings, and send notifications.

Why it was flagged

The shown webhook handler processes request bodies and uses supplied server URLs to start RTMS connections before any visible Zoom signature or origin verification.

Skill content
app.post(WEBHOOK_PATH, async (req, res) => { res.sendStatus(200); ... const { event, payload } = req.body; ... connectToSignalingWebSocket(meeting_uuid, rtms_stream_id, server_urls);
Recommendation

Verify Zoom webhook signatures and timestamps before processing any event, reject unknown event types, and restrict public routing to only the intended webhook path.

What this means

Sensitive content or instructions from one meeting could influence analysis of later meetings or leak context across unrelated sessions.

Why it was flagged

All OpenClaw agent calls use the same fixed session ID, which can preserve or associate context across different meetings.

Skill content
const args = ['agent', '--local', '--json', '--session-id', 'rtms-meeting-assistant', '--message', message];
Recommendation

Use a unique per-meeting session ID, clear agent memory after each meeting, and avoid persistent agent context unless the user explicitly opts in.

What this means

A participant could say or share text that attempts to redirect the AI agent's behavior, alter summaries, or influence notifications.

Why it was flagged

Raw meeting transcript text from participants is inserted into prompts and sent to an agent, with no visible instruction to treat transcript content as untrusted data.

Skill content
const filledPrompt = dialogPromptTemplate.replace(/\{\{meeting_transcript\}\}/g, transcript); ... const response = await runOpenclaw(filledPrompt);
Recommendation

Wrap transcripts in explicit untrusted-data delimiters, instruct the agent to ignore commands inside transcript content, and use a constrained non-tool model path for analysis where possible.

What this means

Anyone with access to the machine or skill folder may be able to read past transcripts, chats, summaries, and media files.

Why it was flagged

The skill intentionally creates persistent local archives of highly sensitive meeting content.

Skill content
records all media ... audio, video, transcript, screenshare, and chat ... All recordings are stored organized by date
Recommendation

Use this only with participant consent, define retention/deletion rules, restrict file permissions, and avoid recording meetings containing secrets unless necessary.

What this means

Starting the service can lead to automatic local command execution after meetings end.

Why it was flagged

The skill runs local ffmpeg shell commands during media conversion, which is expected for the stated recording workflow but should be tightly scoped.

Skill content
const command = `ffmpeg -f s16le -ar 16000 -ac 1 -i "${fullPath}" "${outputWav}"`; ... await runFFmpegCommand(command);
Recommendation

Keep ffmpeg and OpenClaw binaries trusted, prefer argument-array execution over shell strings, and ensure all path components derived from events are sanitized.

What this means

Users must provide credentials that can authorize Zoom RTMS behavior; misconfiguration or over-scoped credentials could affect Zoom meetings.

Why it was flagged

The skill requires Zoom app/webhook credentials, which is purpose-aligned but not reflected in the registry's declared required env vars or primary credential.

Skill content
ZOOM_SECRET_TOKEN — Zoom webhook secret token; ZOOM_CLIENT_ID — Zoom app Client ID; ZOOM_CLIENT_SECRET — Zoom app Client Secret
Recommendation

Use a dedicated Zoom app with the minimum required scopes, store secrets only in the local .env file, and rotate them if exposed.

What this means

Installation depends on local package resolution and system binaries outside the registry metadata.

Why it was flagged

The skill relies on manual npm dependency installation and an external ffmpeg binary, while the registry install spec does not declare these requirements.

Skill content
cd skills/zoom-meeting-assistance-rtms-unofficial-community
npm install

Requires `ffmpeg` for post-meeting media conversion.
Recommendation

Review package.json/package-lock.json before installing, install ffmpeg from a trusted source, and prefer registry metadata that declares required binaries and environment variables.