ClawHub

腾讯会议

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Tencent Meeting assistant that uses your Tencent Meeting token to manage meetings and retrieve meeting-related content from Tencent's MCP endpoint.

Install this only if you trust the Tencent Meeting MCP endpoint and are comfortable giving the skill access to the Tencent Meeting account represented by TENCENT_MEETING_TOKEN. Be aware it can retrieve confidential meeting material such as attendees, recordings, download links, transcripts, and AI minutes, and it may display trace IDs and send basic OS metadata for requests.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill instructs the agent to always display X-Tc-Trace or rpcUuid values to the user. Trace identifiers can expose backend metadata useful for correlation, support impersonation attempts, log enumeration, or sharing of internal request identifiers beyond need-to-know, especially in multi-tenant enterprise settings.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill enables retrieval of participant lists, recordings, transcripts, download URLs, and AI meeting minutes without requiring an explicit privacy notice, consent check, or authorization confirmation tied to sensitive meeting content. In context, this is more dangerous because Tencent Meeting data often contains confidential business discussions, personal data, and downloadable media that can materially increase privacy and data-leak risk.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
When callers supply an _client_info object, the script silently overwrites its os field with the host's real OS name before forwarding the request upstream. This leaks local system metadata to the remote MCP service without an explicit user-facing warning or consent step, creating unnecessary fingerprinting and privacy exposure even if the data item is limited.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal