Back to skill

Security audit

Zoom Manager

Security checks across malware telemetry and agentic risk

Overview

This Zoom skill mostly does what it advertises, but it should be reviewed because it can use broad Zoom admin credentials to create cloud-recorded meetings and delete meetings without built-in safeguards.

Install only with a dedicated least-privilege Zoom Server-to-Server OAuth app. Avoid granting recording-read access unless needed, confirm your legal and workplace rules before enabling automatic cloud recording, and require human confirmation before any update or delete command is run.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill declares required binaries and secrets but does not explicitly declare permissions even though its documented behavior clearly requires environment access, file reads, and outbound network access. This weakens transparency and reviewability, making it easier for users to enable a skill with broader operational capability than is obvious from its permission model.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The script adds a read capability to retrieve detailed meeting information, but the skill metadata only describes create, list, delete, and update operations. This mismatch expands the effective permission/use surface of the skill and can expose meeting metadata unexpectedly to users or downstream agents that rely on the manifest for trust and scoping.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill exposes a delete command for meetings but the user-facing description does not clearly warn that it performs irreversible destructive actions. In an agentic or natural-language workflow, this increases the chance of accidental deletion or unsafe invocation without adequate user confirmation.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill advertises automated cloud recording by default without a prominent privacy warning, even though recording can capture sensitive participant audio, video, chat, and metadata. Default recording behavior is especially risky in enterprise contexts because users may invoke the skill without realizing meetings will be retained in the cloud.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The script performs an irreversible destructive action against Zoom meetings immediately from a single command-line argument, with no confirmation prompt, dry-run mode, ownership validation, or safety interlock. In an agent-skill context, this raises the chance of accidental or unauthorized deletion if the tool is invoked with the wrong meeting ID or by upstream automation without adequate human review.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script loads client credentials from a local config file and uses them to obtain an OAuth token without any user-facing disclosure, consent, or guardrails. In an agent skill context, this increases the risk of silent access to account-scoped Zoom data and actions, especially if users or operators are unaware that embedded secrets are being used behind the scenes.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.env_credential_access, suspicious.exposed_secret_literal

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
scripts/zoom-cli.js:10

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
scripts/create_meeting.py:28

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
scripts/delete_meeting.py:37