Zoom Unofficial Community Skill
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: zoom-unofficial-community-skill
Version: 0.0.5

The OpenClaw skill is designed to interact with the Zoom API for managing meetings, recordings, chat, and user information. The `scripts/zoom.py` script handles authentication using Server-to-Server OAuth credentials from environment variables or a `.env` file, caching the access token temporarily in `/tmp/zoom_token.json`. File operations are limited to downloading Zoom content (recordings, transcripts, summaries) to specified local directories. There is no evidence of data exfiltration to external endpoints, malicious execution of untrusted code, persistence mechanisms, or prompt injection attempts in the documentation (`SKILL.md`, `README.md`) that would manipulate the agent into harmful actions. The use of `pip3 install --break-system-packages` is a system hygiene concern but not indicative of malicious intent.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

A user may install or enable the skill without seeing that it needs powerful Zoom account credentials capable of reading and changing account data.
The registry-facing metadata under-declares the credential and capability boundary even though the skill documentation requires Zoom OAuth credentials and admin-level scopes.
Required env vars: none; Env var declarations: none; Primary credential: none; Capability signals: No capability tags were derived.
Update the registry metadata/capability declarations to clearly list the required Zoom OAuth credentials, python3 dependency, and high-impact Zoom API capabilities.

A Zoom access token with the configured scopes could be exposed to other local processes or users depending on the host environment and default file permissions.
The script writes the OAuth token response to a predictable file in /tmp and the visible code does not set restrictive permissions.
TOKEN_CACHE = "/tmp/zoom_token.json"
...
with open(TOKEN_CACHE, "w") as f:
json.dump(data, f)

Store tokens in a user-private skill directory, create the file with mode 0600, avoid shared temp paths, and provide a cleanup/logout command.

If invoked without care, the agent could delete Zoom resources, send messages as the configured account, or start live meeting media streaming.
The skill documents account-visible and potentially destructive actions, including deletes, chat posting, and starting RTMS for live meetings.
python3 scripts/zoom.py meetings delete <meeting_id>
...
python3 scripts/zoom.py recordings delete <meeting_id>
...
python3 scripts/zoom.py chat send <channel_id> "Hello team!"
...
python3 scripts/zoom.py meetings rtms-start <meeting_id>

Require explicit user confirmation for deletes, chat sends/DMs, and RTMS start/stop actions, and grant only the Zoom scopes needed for the commands you plan to use.

Dependency versions may change over time, and installing into the system Python environment can affect other tools on the machine.
The documented setup installs unpinned Python packages and uses --break-system-packages, which can modify the system Python environment.
pip3 install requests PyJWT --break-system-packages
Prefer a virtual environment and pinned dependency versions, or provide a locked install specification.
