ClawHub

Zoom Unofficial Community Skill

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Zoom automation skill, but it needs review because it can perform sensitive Zoom account actions and caches OAuth tokens in a predictable temporary file.

Install only if you are comfortable granting a dedicated Zoom OAuth app access to the specific Zoom data and actions you need. Use the minimum scopes, protect the .env file, avoid committing credentials, prefer a virtual environment for dependencies, and require explicit user confirmation before delete, send-message, RTMS, or download commands. Consider changing the token cache to a private user directory with 0600 permissions before use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (13)

Description-Behavior Mismatch

Medium
Confidence
82% confidence
Finding
The implementation includes RTMS live-meeting controls and Zoom Phone call-log access beyond the declared skill scope. This scope mismatch is dangerous because users or reviewers may grant trust and credentials for meetings/chat management without realizing the skill can also access additional sensitive operational and communications data.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The skill writes OAuth tokens and downloaded meeting artifacts to local disk, but the manifest does not disclose this storage/export behavior. Undisclosed persistence is risky because users may assume a pure API proxy while the tool leaves sensitive credentials, recordings, transcripts, and summaries on the host filesystem.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The README advertises high-risk capabilities such as deleting recordings, downloading transcripts and AI summaries, sending chat messages, monitoring live meetings, and controlling RTMS, but it does not prominently warn users about consent, least-privilege scopes, destructive effects, or privacy implications. In an agent-skill context, this is dangerous because an LLM-driven agent may expose or invoke sensitive actions on behalf of a user without sufficiently explicit safeguards or user confirmation expectations.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The activation text is very broad (e.g., use for meetings, calendar, chat, contacts, or any Zoom Workplace feature), which makes unintended invocation more likely during ordinary user requests. In this context, accidental invocation is risky because the skill can perform privileged reads, sends, deletions, and downloads against a corporate Zoom tenant.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The markdown documents destructive and privacy-impacting operations such as deleting meetings/recordings, sending chat/DM messages, reading contacts, retrieving phone logs, and downloading recordings/transcripts/AI summaries, but gives no warning or consent guidance. In a skill that interfaces with enterprise collaboration data, lack of user-facing warnings materially raises the chance of accidental data loss, unauthorized messaging, or exposure of sensitive meeting artifacts on local storage.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The documentation tells users to place long-lived Zoom OAuth credentials in a workspace .env file but does not warn about secure secret handling, exclusion from version control, access restrictions, or safer secret storage options. In an agent/workspace environment, this increases the chance that highly privileged admin credentials are exposed through source control, logs, backups, or other tools with workspace access.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The access token is cached to /tmp/zoom_token.json without any disclosure and without setting restrictive permissions. On multi-user systems, /tmp storage and default file permissions can expose bearer tokens to other local users or processes, enabling unauthorized Zoom API access until expiration.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
Recording downloads persist potentially sensitive meeting media locally with no warning about retention or storage location. In a skill context, this matters because users may trigger the command expecting transient access while actually creating durable copies of confidential recordings on disk.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
Transcript and chat-related files often contain especially sensitive conversation content, action items, and names, yet the tool saves them locally without explicit notice. This increases the chance of unintended disclosure through backups, shared directories, or later host compromise.

Missing User Warnings

Low
Confidence
84% confidence
Finding
AI meeting summaries can still contain sensitive business content, and the script silently writes them to a markdown file. While lower impact than raw recordings or transcripts, undisclosed local persistence can still create confidentiality and compliance issues.

Natural-Language Policy Violations

Medium
Confidence
78% confidence
Finding
Defaulting meeting creation to Asia/Singapore when TZ is unset can cause meetings to be scheduled in the wrong timezone without user awareness. In a scheduling skill, silent locale assumptions can lead to missed meetings, accidental disclosure to unintended participants, or operational disruption.

Credential Access

High
Category
Privilege Escalation
Content
Click **Activate** on the **Activation** tab.

### Step 5: Configure .env

Add to your workspace `.env`:
Confidence
84% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
## Token Caching

The script caches the access token and auto-refreshes when expired (tokens last 1 hour).
Cache file: `/tmp/zoom_token.json`
Confidence
91% confidence
Finding
access token

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal