Back to skill
Skillv1.0.0
ClawScan security
Meeting Transcript Action Extractor · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 16, 2026, 2:41 PM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only extractor whose declared purpose (pulling decisions, action items, owners, and deadlines from a transcript) matches its instructions and it requests no installs, credentials, or unusual privileges.
- Guidance
- This skill is coherent and low-risk from a configuration perspective, but consider privacy and accuracy before use: only feed transcripts you are authorized to share, avoid pasting highly sensitive PII into any third‑party UI, and verify extracted owners, deadlines, and decisions (the skill can misattribute or miss context). If you use a separate speech‑to‑text service to create transcripts, prefer a trusted, privacy‑compliant provider and confirm recording consent. Overall, the skill itself asks for nothing sensitive and is safe to install from a permissions standpoint.
Review Dimensions
- Purpose & Capability
- okName and description match the SKILL.md workflow: the skill only needs a transcript and extracts decisions, action items, owners, and deadlines. There are no unrelated environment variables, binaries, or install steps requested that would be disproportionate to the stated purpose.
- Instruction Scope
- okRuntime instructions are narrowly scoped to reading a provided transcript and extracting structured items. The doc suggests converting audio to text (mentions third‑party STT tools) but does not instruct the agent to access unrelated files, credentials, or external endpoints. It explicitly forbids inventing facts and requires marking uncertainty.
- Install Mechanism
- okThere is no install specification and no code files — this is instruction-only, which minimizes risk because nothing is written to disk or executed as part of an install.
- Credentials
- okThe skill requests no environment variables, credentials, or config paths. The lack of required secrets aligns with the simple transcript‑analysis purpose.
- Persistence & Privilege
- okalways is false and the skill does not request persistent or elevated privileges. It does not attempt to modify other skills or system settings.