ClawHub

Meeting Minutes Task Extractor

Security checks across malware telemetry and agentic risk

Overview

This skill locally extracts tasks from meeting notes and includes an underdocumented paid-upgrade link, but it does not make network calls, charge users, persist data, or access broad local files.

Install only if you are comfortable with outputs including a paid-upgrade link containing the supplied user_id. Treat any payment link as untrusted unless you recognize the destination, and avoid using sensitive meeting notes if you do not trust the skill publisher.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
80% confidence
Finding
The skill advertises simple task extraction, but static analysis indicates code can read files and access environment variables without declaring permissions. Undeclared capabilities reduce transparency and can hide access to sensitive local data or secrets, especially if meeting content or user identifiers are later combined with that data.

Tp4

High
Category
MCP Tool Poisoning
Confidence
92% confidence
Finding
The stated purpose is task extraction, but the implementation reportedly generates user-specific payment URLs, includes pricing metadata, and uses environment-configured payment endpoints. This hidden monetization behavior is a trust and security issue because it expands data handling and external-service interaction beyond user expectations, potentially enabling phishing-like flows, unintended data disclosure, or abuse of payment configuration.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The skill advertises simple meeting-minutes task extraction but embeds payment URL generation tied to a user identifier and returns upgrade/payment metadata on normal execution. This is a security-relevant trust boundary issue because it introduces billing and user-tracking behavior unrelated to the core function, creating risk of deceptive monetization, user redirection, or downstream misuse of identifiers if the URL template is altered via environment configuration.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The code reads billing-related environment variables that are unrelated to task extraction, including a fully format-controlled payment URL template. This creates hidden behavior controlled outside the payload, enabling unexpected redirects or phishing-style links in outputs without any indication in the skill description, which increases the danger in an otherwise benign productivity context.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal