meeting-transcript-to-summary

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward meeting-transcript summarizer, but its README contains generic API-key and write-mode documentation that users should clarify before use.

Install only if you are comfortable pasting meeting transcripts into your agent session. Avoid including secrets, regulated personal data, or confidential internal discussions unless you are authorized. Before using any API key or write mode mentioned in the README, confirm what service is being used, whether transcript text leaves your environment, and where any outputs are written.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 84%
Finding
The README documents a write mode without explaining what data may be modified, where outputs are written, or what safeguards exist. In a skill that processes meeting transcripts, ambiguous write behavior can lead to accidental overwrites, unsafe file handling, or unauthorized persistence of sensitive meeting content.

Missing User Warnings

Medium
Confidence: 88%
Finding
Referencing an API key without disclosing whether meeting transcripts are sent to an external service creates a meaningful privacy and security risk. Users may unknowingly transmit sensitive internal discussions, action items, or ownership data to third-party infrastructure without understanding retention, logging, or compliance implications.

Missing User Warnings

Medium
Confidence: 93%
Finding
This skill solicits pasted meeting transcripts, which commonly contain sensitive business, HR, customer, or personal information, but it does not provide a clear user-facing privacy warning before processing. That increases the risk that users will submit confidential data without understanding retention, exposure, or minimization expectations.

VirusTotal

65/65 vendors flagged this skill as clean.
