Meeting Minutes Workflow

VirusTotal audit pending.

Overview

No VirusTotal analysis has been recorded yet. File reputation checks will appear here once the artifact hash has been scanned.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Malicious or simply malformed meeting notes could cause the sync command to behave unexpectedly, potentially running unintended local shell commands.

Why it was flagged

The rendered meeting content comes from user/context-provided notes and is placed directly inside a bash command argument. If executed through a shell, content containing quotes, backticks, or command substitutions could alter the command or trigger unintended execution.

Skill content

python3 .claude/skills/feishu-doc/scripts/doc_ctl.py create "会议纪要 - {title} ({date})" --content "{rendered_content}"

Recommendation

Do not pass raw rendered meeting text through a shell command. Use a temporary content file, stdin, or a tool API with argument arrays, and safely escape or validate all user-controlled fields.

What this means

Meeting notes, attendees, decisions, and action items could be uploaded to Feishu or shared with people using the user's account permissions, even when the user only intended to format minutes locally.

Why it was flagged

The workflow directs creation of a Feishu document and optional sharing or ownership grants using the user's Feishu-capable environment, but it does not require explicit confirmation of the upload, recipients, or permission level.

Skill content

Sync to Feishu — If feishu-doc skill is available, create a Feishu doc with the rendered content ... Use `--share` or `--owner` to grant access to attendees.

Recommendation

Require explicit user approval before syncing or sharing, show the exact document title/content destination, list recipients and permission levels, and avoid owner-level grants unless specifically requested.

What this means

Action items, owners, deadlines, and statuses may remain stored and reused later by the agent.

Why it was flagged

The skill intentionally persists structured action items for later follow-up, which is aligned with the stated purpose but retains meeting-derived data across interactions.

Skill content

Save to `memory/action-items-{date}.json` for follow-up tracking.

Recommendation

Tell users where the file is stored, allow opt-out or deletion, and avoid storing sensitive meeting details unless the user wants persistent tracking.