ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Ai Meeting Helper

会议纪要生成器 - 自动将会议录音转为结构化纪要

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 37 · 0 current installs · 0 all-time installs
by@utopiabenben
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The code, SKILL.md, and skill.json all implement a meeting-transcription-and-summary tool that uses OpenAI Whisper and an LLM — requesting an OPENAI_API_KEY is coherent with that purpose. However, the top-level registry metadata provided to you (which claimed no required env vars / no primary credential) contradicts the included skill.json and SKILL.md that require OPENAI_API_KEY. The mismatch is unexpected and should be resolved before trusting the package metadata.
Instruction Scope
Runtime instructions and the Python code stay within the declared purpose: they read local audio files, call OpenAI APIs for transcription and summarization, format results, optionally backup original audio to a local .ai_meeting_backup/ directory, and write outputs. The instructions do not reference unrelated system paths, other credentials, or external endpoints beyond the OpenAI client.
Install Mechanism
Installation is a local install.sh that runs pip3 install openai python-dotenv (no virtualenv) and creates a .env template and backup/log directories in the skill folder. This uses a public PyPI package (openai) — not high risk by itself — but the script installs packages system-wide (no venv) which may be undesirable. No downloads from arbitrary URLs or obfuscated installers were found.
Credentials
The code requires a single credential (OPENAI_API_KEY), which is proportionate to the stated functionality. However, the provided registry metadata (at the top of this report) claims no required env vars/primary credential while skill.json and SKILL.md declare OPENAI_API_KEY required — that inconsistency is suspicious and could indicate sloppy packaging or metadata manipulation.
Persistence & Privilege
The skill does not request 'always: true' or elevated agent privileges. It creates and writes files only within its own skill directory (.env, .ai_meeting_backup/, .ai_meeting_logs/) and does not modify other skills or global agent config. Uninstall.sh offers to remove these files.
What to consider before installing
What to consider before installing: - Metadata mismatch: the skill.json and SKILL.md require OPENAI_API_KEY, but the top-level registry metadata claimed no required env vars. Treat that inconsistency as a red flag — confirm which metadata is authoritative before trusting automated installers. - Review code yourself (you have the files): the Python script uses only the OpenAI client and local file I/O; no hard-coded external endpoints or obfuscated code were found. If you don't review, install only in an isolated environment. - Install in a virtual environment or sandbox rather than system-wide (the install.sh runs pip3 install without a venv). This avoids contaminating global Python packages. - Backups: the tool will copy original audio into .ai_meeting_backup/. Those files can contain sensitive conversations — ensure you control that directory, or disable backup if not needed, and securely delete backups when appropriate. - API key scope and monitoring: provide an OpenAI key with appropriate usage controls; monitor usage and billing. If possible use an account with limited permissions or monitoring alerts. - Trust and provenance: owner is unknown and there's no homepage. If you need high assurance, request more provenance or prefer a skill from a known source. If you decide to proceed: run install.sh only after inspecting it, execute the tool inside a dedicated virtualenv or container, and consider auditing network traffic or logs during first runs. If you need help verifying specific lines of code or testing in a sandbox, provide the environment and I can help step through it.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk972mada0qxyzcq9erfrn9bgd582z2wcmeetingvk972mada0qxyzcq9erfrn9bgd582z2wcsummarizationvk972mada0qxyzcq9erfrn9bgd582z2wctranscriptionvk972mada0qxyzcq9erfrn9bgd582z2wc

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

AI Meeting Helper - 会议纪要生成器

自动将会议录音转换为结构化会议纪要,包括行动项、决策点和待办事项。

功能

  • 🎙️ 语音转文字:使用 OpenAI Whisper API 将会议录音转为文本
  • 📋 自动总结:使用 LLM 分析对话内容,生成结构化纪要
  • 提取要点:自动识别行动项、决策点、待办事项
  • 📤 多格式输出:支持 Markdown、纯文本、JSON 格式
  • 🔄 批量处理:一次处理多个会议录音文件
  • 👀 预览模式:不实际生成文件,只显示预览
  • ↩️ 撤销功能:自动备份原始文件,可撤销操作

快速开始

1. 安装技能

clawhub install ai-meeting-helper
cd ~/.openclaw/workspace/skills/ai-meeting-helper
./install.sh

2. 配置 OpenAI API

export OPENAI_API_KEY="your-api-key"

3. 使用示例

# 单个文件处理
ai-meeting-helper process meeting_recording.mp3 --output meeting_notes.md

# 批量处理文件夹
ai-meeting-helper batch ./meetings/ --output ./notes/ --format markdown

# 预览模式(不生成文件)
ai-meeting-helper process meeting.mp3 --preview

# 启用撤销功能
ai-meeting-helper process meeting.mp3 --output notes.md --backup

参数

参数类型必需描述
input路径输入音频文件或目录
--output路径输出纪要文件路径(默认:当前目录)
--format选项输出格式:markdown/text/json(默认:markdown)
--model字符串Whisper 模型:tiny/base/small/medium/large(默认:base)
--llm-model字符串总结使用的 LLM 模型:gpt-4o/gpt-4o-mini(默认:gpt-4o-mini)
--preview布尔预览模式,不生成文件
--backup布尔启用备份(原始文件保存到 .ai_meeting_backup/)
--help布尔显示帮助信息

输出格式

Markdown(默认)

# 会议纪要

**日期**:2026-03-15  
**时长**:45分钟  
**参会人数**:5人

## 讨论要点

1. 讨论了Q1产品发布计划
2. 确定了市场营销策略
3. 分配了开发任务

## 行动项

- [ ] @张三:完成用户文档(3月20日前)
- [ ] @李四:设计海报素材(3月18日前)

## 决策点

- 采用A方案作为最终设计
- 预算增加10%

## 待办事项

- 下周一下午2点开会复盘

JSON

{
  "date": "2026-03-15",
  "duration": "45分钟",
  "participants": 5,
  "summary": "讨论了Q1产品发布计划...",
  "action_items": [
    {"assignee": "张三", "task": "完成用户文档", "due": "2026-03-20"}
  ],
  "decisions": ["采用A方案", "预算增加10%"],
  "todo": ["下周一下午2点开会复盘"]
}

技术栈

  • 语音识别:openai-whisper-api(需 OPENAI_API_KEY)
  • 文本处理:Python 标准库 + 正则
  • LLM 总结:OpenAI GPT-4o-mini(默认)或 GPT-4o
  • 文件处理:glob, json, pathlib

依赖

pip install openai python-dotenv

注意事项

  • 需要有效的 OpenAI API key
  • 音频文件支持:MP3, WAV, M4A, FLAC, OGG
  • 较大文件处理时间较长(建议 < 30 分钟音频)
  • 建议使用高质量录音以提高识别准确率

与其他技能配合

  • audio-note-taker:类似功能,但 ai-meeting-helper 专为会议场景优化,输出更结构化
  • wechat-formatter:生成的纪要可直接排版发布到公众号
  • social-publisher:纪要内容可一键分发到多平台

License

MIT

Files

5 total
Select a file
Select a file to preview.

Comments

Loading comments…