meeting-minutes-qa-tts
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill mostly matches its meeting-summary-and-audio purpose, but it ships with pre-filled meeting memory that exposes prior meeting text and could be reused as stale context.
Review and delete the bundled `memory/latest_meeting.json` and `memory/current_meeting.json` before use. Only provide meeting files or URLs you intend to store locally, choose safe MP3 output paths, and use `SENSEAUDIO_API_KEY` only if SenseAudio is approved for the meeting content.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A new user may receive someone else's meeting content with the skill, and the agent may accidentally answer from stale saved memory if it is not cleared before use.
The package includes a non-empty default meeting-memory file containing a specific prior meeting note and local source path, rather than an empty per-user memory file.
"source_location": "D:\\周报\\会议纪要\\20260114周会.txt", "meeting_text": "20260114周会\n方法\n1. 持续学习...
Ship the skill with empty memory files or no memory files at all, clear bundled meeting data before installation, and make memory creation/retention explicit to the user.
Meeting summaries or answers may leave the local environment for speech generation.
The TTS helper sends prepared summary or answer text to the external SenseAudio API to generate audio.
API_URL = "https://api.senseaudio.cn/v1/t2a_v2" ... "text": prepared["text"] ... requests.post(API_URL, headers=headers, json=payload, timeout=REQUEST_TIMEOUT)
Use the skill only for meeting content that is allowed to be processed by SenseAudio, and avoid sending confidential material unless the provider is approved.
The skill can make SenseAudio API calls under the user's configured account or key.
The skill uses a provider API key from the environment when available, which is expected for the TTS integration but still uses the user's SenseAudio credential.
Before asking the user for a SenseAudio API key, first check whether `SENSEAUDIO_API_KEY` is already configured in the environment and use it directly when present.
Set `SENSEAUDIO_API_KEY` only if you intend this skill to use it, and rotate the key if it is ever pasted or exposed.
The skill can read the meeting source you provide and write an MP3 file where you tell it to save one.
The helper can fetch a user-provided URL or read a local path, then write generated audio bytes to a user-provided output path.
if location.startswith(("http://", "https://")): response = requests.get(location, timeout=REQUEST_TIMEOUT) ... final_output_path.write_bytes(audio_bytes)Provide only intended meeting files or URLs, choose safe output paths, and avoid overwriting important files.