← Back to Skills Marketplace
Zoom Unofficial Community Skill
by
Tan Chun Siong
· GitHub ↗
· v0.0.5
2315
Downloads
1
Stars
0
Active Installs
5
Versions
Install in OpenClaw
/install zoom-unofficial-community-skill
Description
Zoom API integration for meetings, calendar, chat, and user management. Use when the user asks to schedule meetings, check Zoom calendar, list recordings, send Zoom chat messages, manage contacts, or interact with any Zoom Workplace feature. Supports Server-to-Server OAuth and OAuth apps.
Usage Guidance
This package appears to be an honest Zoom CLI/skill, but you should still take normal precautions: only install if you trust the source (homepage is missing), and create a dedicated Server-to-Server OAuth app for this use with the smallest set of scopes required. Keep your .env (client secret/account id) private and consider running the tool in an isolated environment. The tool will cache tokens to /tmp/zoom_token.json and can control RTMS (starting/stopping real-time streams) if you provide ZOOM_RTMS_CLIENT_ID — RTMS control can expose meeting media, so only enable that for trusted RTMS apps. If you later stop using the skill, rotate the OAuth credentials. If you want further assurance, review the remainder of scripts/zoom.py (only a truncated portion was shown) and confirm no unexpected network endpoints or file writes beyond the described behavior.
Capability Analysis
Type: OpenClaw Skill
Name: zoom-unofficial-community-skill
Version: 0.0.5
The OpenClaw skill is designed to interact with the Zoom API for managing meetings, recordings, chat, and user information. The `scripts/zoom.py` script handles authentication using Server-to-Server OAuth credentials from environment variables or a `.env` file, caching the access token temporarily in `/tmp/zoom_token.json`. File operations are limited to downloading Zoom content (recordings, transcripts, summaries) to specified local directories. There is no evidence of data exfiltration to external endpoints, malicious execution of untrusted code, persistence mechanisms, or prompt injection attempts in the documentation (`SKILL.md`, `README.md`) to manipulate the agent into harmful actions. The use of `pip3 install --break-system-packages` is a system hygiene concern but not indicative of malicious intent.
Capability Assessment
Purpose & Capability
The skill is a Zoom API CLI and only asks for Zoom-related credentials (Account ID, Client ID, Client Secret, optional user email and RTMS client ID). The declared python3 binary and the included script align with the described functionality (meetings, recordings, chat, RTMS). There are no unrelated credentials or binaries requested.
Instruction Scope
SKILL.md and the CLI script instruct the agent to load a .env file, install requests/PyJWT, and call Zoom REST endpoints. The script reads .env from the workspace root and performs API calls only to Zoom endpoints; it does not instruct reading unrelated system files or sending data to unknown external endpoints. It does cache the OAuth token to /tmp/zoom_token.json (expected for token caching).
Install Mechanism
No install spec is provided (instruction-only), which is low risk. Runtime instructions recommend installing pip packages (requests, PyJWT) from PyPI — a standard dependency approach. There are no downloads from untrusted hosts or archive extraction steps in the install process.
Credentials
The skill requires Zoom Server-to-Server credentials (Account ID, Client ID, Client Secret), which are appropriate for its functionality. It also optionally uses ZOOM_USER_EMAIL and ZOOM_RTMS_CLIENT_ID for user-targeted actions and RTMS control. Note: secrets are expected to be stored in a .env file and a short-lived access token is cached to /tmp/zoom_token.json — treat these files as sensitive. Ensure you grant only minimal scopes required for the commands you intend to use.
Persistence & Privilege
always is false and the skill does not request persistent platform-wide privileges. It writes a token cache to /tmp (normal) and loads a .env file in the workspace (expected). It does not modify other skills or system-wide agent settings.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install zoom-unofficial-community-skill - After installation, invoke the skill by name or use
/zoom-unofficial-community-skill - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.0.5
Version 0.0.5 of zoom-unofficial-community-skill
- No file changes detected in this release.
- Functionality and documentation remain unchanged from the previous version.
v0.0.4
- Removed the webhook integration script (scripts/webhook.py) from the skill.
- No user-facing command or documentation changes.
- Internal codebase simplification by eliminating unused or obsolete webhook functionality.
v0.0.3
- Added README.md and skill.json for improved documentation and metadata.
- Introduced support for listing live meetings and Remote Telemetry Monitoring Service (RTMS) commands (`rtms-start`, `rtms-stop`).
- Expanded authentication setup instructions, including RTMS app requirements.
- Added new recording download commands: transcript-only download and AI summary export.
- Updated SKILL.md with detailed examples and new features.
v0.0.2
- Removed legacy script: deleted scripts/zoom.py.
- Updated documentation (SKILL.md) to include new commands for downloading cloud recordings and accessing AI Meeting Summaries (AI Companion).
- Added required OAuth scope for AI Meeting Summaries (meeting_summary:read:admin).
- Documentation reflects current capabilities and expanded usage instructions.
v0.0.1
Initial public release of zoom-unofficial-community-skill
- Integrates with the Zoom API to manage meetings, calendar, team chat, contacts, recordings, users, and Zoom Phone.
- Provides command-line utility (`scripts/zoom.py`) to list, create, update, and delete meetings; access recordings; manage chat channels/messages; and retrieve user or call info.
- Supports both Server-to-Server OAuth and OAuth app authentication.
- Includes comprehensive setup, required scopes, and usage documentation.
Metadata
Frequently Asked Questions
What is Zoom Unofficial Community Skill?
Zoom API integration for meetings, calendar, chat, and user management. Use when the user asks to schedule meetings, check Zoom calendar, list recordings, send Zoom chat messages, manage contacts, or interact with any Zoom Workplace feature. Supports Server-to-Server OAuth and OAuth apps. It is an AI Agent Skill for Claude Code / OpenClaw, with 2315 downloads so far.
How do I install Zoom Unofficial Community Skill?
Run "/install zoom-unofficial-community-skill" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Zoom Unofficial Community Skill free?
Yes, Zoom Unofficial Community Skill is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Zoom Unofficial Community Skill support?
Zoom Unofficial Community Skill is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Zoom Unofficial Community Skill?
It is built and maintained by Tan Chun Siong (@tanchunsiong); the current version is v0.0.5.
More Skills