Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Meeting Assistant

v1.0.0

AI assistant for remote Zoom/Teams/Meet meetings. Use when: user asks to join a meeting, monitor a meeting, record a meeting, assist in a medical consultation, help doctor-patient co...

by Rongze Gao (@zeron-g)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The code and documentation match the stated purpose: joining meetings, reading chat, transcribing audio, taking screenshots, and calling Anthropic (Claude) for analysis. However, the repository contains Docker and config files that embed service credentials (Vexa API key, Zoom client secret, admin tokens) and references to local tooling (conda path, Windows path copies). The presence of those credentials in config/docker-compose is disproportionate to a simple SKILL.md-only descriptor and should be treated as potential leaked/embedded secrets.
Instruction Scope
Runtime instructions explicitly tell the agent to join meetings as a bot, poll meeting chat, capture screenshots and audio, persist transcripts/screenshots/analysis to disk, and (in medical mode) highlight prescriptions/diagnoses. That scope is consistent with the description, but it also means the skill will collect potentially sensitive personal health information (PHI) and recordings. The SKILL.md and docs mention 'recordings' and 'encrypted storage' as a guideline but do not enforce or implement encryption, access control, or retention policies. The instructions also direct network traffic to external services (Anthropic API) and local Docker endpoints (vexa/whisper), which is expected but increases data exposure.
Install Mechanism
There is no formal install spec in the registry metadata (instruction-only), but the package includes a docker-compose.yml that will pull multiple public images (vexaai/vexa-lite, fedirz/faster-whisper-server, postgres, python). Pulling and running those images will execute third-party binaries/containers on the host. That is expected for a local meeting-bot, but it is higher friction and higher-risk than an instruction-only text skill because arbitrary container images will run on your machine. The compose file also mounts a host path (Windows temp) into a container for whisper_proxy, which requires care.
Credentials
Registry metadata declared no required env vars or primary credential, but the included config.json and docker-compose embed multiple sensitive values: a Vexa user token (dGosC39...), ADMIN_API_TOKEN, ZOOM_CLIENT_ID and ZOOM_CLIENT_SECRET, TRANSCRIBER API keys, and placeholders for ANTHROPIC_API_KEY. These credentials are present in repo files and compose env blocks, yet the skill metadata did not declare them. That mismatch is a significant red flag: either the repo accidentally includes real credentials, or it expects secrets but fails to declare them. Additionally, the skill handles PHI in 'medical' mode, which increases required protection for stored data; no robust protection is implemented in the files reviewed.
Persistence & Privilege
The skill runs background processes (daemon via subprocess.Popen), stores state files (.assistant_state.json, .assistant_daemon.log) and session recordings/transcripts/screenshots under recordings/. It does not request always:true and is not marked to be force-included, but because it can be invoked autonomously (normal default), its ability to spawn processes and persist recordings increases the blast radius if misused. The code also suggests integration with other local skills (pc-control, TTS, agent-browser), which grants it broader control of the host if those integrations are present.
What to consider before installing
Before installing or running this skill, consider the following:
1) Do not run it on a production machine or one with sensitive data — use an isolated VM or disposable environment.
2) The repo embeds tokens and secrets in config.json and docker-compose (Vexa API token, ADMIN_API_TOKEN, ZOOM_CLIENT_SECRET). Treat these as leaked credentials: rotate or remove them and replace with your own secrets stored securely (not committed).
3) The skill records audio, chat, and screenshots and can operate in a 'medical' mode that may collect PHI. Confirm legal/compliance requirements (consent, retention, encryption) and add enforced encryption/ACLs for recordings before using.
4) The skill sends data to Anthropic/Claude and runs third-party containers; verify you are comfortable with that network exposure and review the container images (vexaai/vexa-lite, fedirz/faster-whisper-server) before pulling.
5) If you plan to use it, remove hardcoded secrets, set ANTHROPIC_API_KEY securely, audit containers for unexpected network egress, and test in an isolated environment.
6) If you cannot inspect or validate the embedded tokens and images, do not install — contact the skill author or obtain a vetted distribution.

Like a lobster shell, security has layers — review code before you run it.

latestvk978c6kqf1c7dwpax8kj1dc94582w3t1
