Meeting Minutes AI

Security checks across malware telemetry and agentic risk

Overview

This appears to be a meeting-minutes helper whose local file reading and writing are aligned with its stated purpose, with a privacy caution around saved meeting notes.

Install if you want a helper that turns meeting material into saved minutes. Before use, avoid feeding it confidential transcripts unless you are comfortable with a local markdown output file being created, and specify the destination path when privacy or workspace cleanliness matters.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 88% confidence
Finding: The skill instructs the agent to read user-provided meeting content and to write output files, but no explicit permission model or user-consent step is declared. This creates a capability mismatch: an agent may perform file access implicitly, increasing the risk of unauthorized local file reads from supplied paths and unintended writes to the workspace.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill explicitly directs the agent to save generated minutes into the current working directory without warning or obtaining user approval. Silent file creation can overwrite user expectations, leak sensitive meeting content into local storage, or create artifacts in unintended locations, especially because meeting transcripts often contain confidential business information.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal