Back to skill
Skillv1.0.0
VirusTotal security
Meeting Assistant · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 6:15 AM
- Hash
- 65e3e5826d93a0ac2b51a57af640cbdfa365943808047d85d1c886c463268532
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: meeting-assistant-eva Version: 1.0.0 The meeting-assistant-eva skill provides a complex AI-powered meeting bot that joins Zoom, Teams, and Google Meet sessions to record audio, capture screenshots, and interact via chat. While these capabilities are aligned with its stated purpose, the skill possesses high-risk behaviors including system-level audio/screen capture (scripts/audio_capture.py, scripts/meeting_monitor.py) and extensive subprocess execution. A significant vulnerability exists in scripts/claude_client.py, where meeting transcripts and chat messages from untrusted participants are directly incorporated into prompts sent to the Claude AI, creating a high-risk surface for prompt injection attacks. Additionally, it relies on a third-party Dockerized service (Vexa) and hardcoded credentials in config.json and docker-compose.yml.
- External report
- View on VirusTotal