ClawHub
Back to skill

Security audit

meeting-secretary

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent meeting-notes helper, but users should treat transcripts and recordings as sensitive before using it.

Install only if you are comfortable providing the meeting content to the AI environment you use. Redact secrets and unnecessary personal data, confirm participant consent and organizational approval for confidential or regulated meetings, and review any optional audio/video tooling separately because only the transcript-splitting script is included here.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The README instructs users to paste meeting transcripts directly into an AI workflow without any warning about confidentiality, personal data, trade secrets, or consent requirements. Because meeting transcripts commonly contain sensitive business discussions and personal information, this omission can lead users to disclose protected data to external systems or improperly configured local deployments.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
Meeting transcripts frequently contain sensitive business information, personal data, credentials, financial details, or legal/HR content. A skill that encourages ingestion and processing of such material without any privacy warning, minimization guidance, or handling constraints increases the chance of accidental exposure, over-collection, and unsafe downstream storage or sharing.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
This guidance encourages users to process meeting audio/video and submit transcripts, keyframes, and slides to AI analysis workflows, but it omits any warning about consent, confidentiality, or handling of sensitive data. In the context of a meeting-secretary skill, this increases the risk of unauthorized disclosure of internal discussions, personal data, trade secrets, or regulated information because users may treat the workflow as routine and safe by default.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal