ClawHub
Back to skill

Security audit

Meeting Quality Scorer

Security checks across malware telemetry and agentic risk

Overview

This skill does what it advertises, but users should treat meeting transcripts as sensitive because they are sent to the configured LLM endpoint.

Install only if you are comfortable sending meeting transcript contents to the LLM provider you configure. Prefer a trusted local or approved provider for confidential, legal, HR, or regulated meetings, and pin/update dependencies before production use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (10)

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger keywords include broad natural-language phrases such as 'score this meeting' and 'rate the meeting' that are likely to appear in ordinary conversation or unrelated contexts. This can cause unintended skill activation, leading to accidental transcript processing, file access, or transmission of sensitive meeting content to a configured LLM endpoint without the user's explicit intent.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The function sends the full meeting transcript to an arbitrary OpenAI-compatible LLM endpoint via llm.chat() with no consent, warning, minimization, or visible trust boundary in this file. Meeting transcripts often contain sensitive business or personal data, so silent transmission to third-party or self-configured providers can cause unintended data disclosure and compliance/privacy issues.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
This second analysis path independently sends the transcript to the LLM again, increasing exposure of the same sensitive meeting content without any explicit warning in this file. Repeated full-transcript submission broadens privacy risk, especially because the skill is designed to work with many OpenAI-compatible endpoints of varying trustworthiness.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script sends full transcript content to a configurable LLM endpoint, which may be a remote network service, without any explicit user warning or confirmation about data transmission. Meeting transcripts commonly contain sensitive business, personal, or regulated information, so silent exfiltration to third-party infrastructure creates a real confidentiality risk in this skill context.

Unpinned Dependencies

Low
Category
Supply Chain
Content
openai>=1.30.0
pyyaml>=6.0
jinja2>=3.1.0
pytest>=8.0.0
Confidence
94% confidence
Finding
openai>=1.30.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
openai>=1.30.0
pyyaml>=6.0
jinja2>=3.1.0
pytest>=8.0.0
Confidence
94% confidence
Finding
pyyaml>=6.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
openai>=1.30.0
pyyaml>=6.0
jinja2>=3.1.0
pytest>=8.0.0
Confidence
97% confidence
Finding
jinja2>=3.1.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
openai>=1.30.0
pyyaml>=6.0
jinja2>=3.1.0
pytest>=8.0.0
Confidence
90% confidence
Finding
pytest>=8.0.0

Known Vulnerable Dependency: jinja2==3.1.0 — 5 advisory(ies): CVE-2025-27516 (Jinja2 vulnerable to sandbox breakout through attr filter selecting format metho); CVE-2024-56201 (Jinja has a sandbox breakout through malicious filenames); CVE-2024-22195 (Jinja vulnerable to HTML attribute injection when passing user input as keys to ) +2 more

Low
Category
Supply Chain
Confidence
91% confidence
Finding
jinja2==3.1.0

Known Vulnerable Dependency: pytest==8.0.0 — 1 advisory(ies): CVE-2025-71176 (pytest has vulnerable tmpdir handling)

Low
Category
Supply Chain
Confidence
78% confidence
Finding
pytest==8.0.0

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal