← 返回 Skills 市场
210
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install andara-meeting-minutes
功能描述
Capture meeting summaries and action items from voice or text
使用说明 (SKILL.md)
Meeting Minutes Skill
When ATTi or a team member sends a meeting summary (voice or text), save it as a structured record.
Trigger
When user says something like "Meeting Notes:", "Besprechungsnotizen:", or "save meeting" — parse the content and store it.
Steps
-
Extract the meeting topic, attendees, decisions, and action items from the message.
-
Save to PostgreSQL using bash + psql:
psql "$DATABASE_URL" -c "
INSERT INTO team_meetings (title, summary, attendees, meeting_date, created_at)
VALUES ('TOPIC', 'SUMMARY', ARRAY['ATTENDEE1','ATTENDEE2'], NOW(), NOW())
RETURNING id;"
- For each action item, insert into meeting_action_items:
psql "$DATABASE_URL" -c "
INSERT INTO meeting_action_items (meeting_id, assignee, description, due_date, status, created_at)
VALUES (MEETING_ID, 'ASSIGNEE', 'TASK DESCRIPTION', 'DUE_DATE', 'pending', NOW());"
- Confirm to the user: "Meeting gespeichert ✅ — [X] Action Items erstellt."
Output Format
Reply in German with a structured summary:
- 📋 Meeting: [Title]
- 👥 Teilnehmer: [Names]
- ✅ Action Items: [List with assignees]
- 📅 Nächstes Treffen: [if mentioned]
安全使用建议
Before installing or enabling this skill, ask the developer to: 1) explicitly declare required binaries and environment variables (psql and DATABASE_URL) in the metadata; 2) provide a safer insertion method (use parameterized queries or a DB client library rather than constructing SQL inside bash) to eliminate SQL injection risk; 3) explain what data is stored and for how long, and ensure the DB uses least-privilege credentials (an insert-only, limited-scope role on a non-production/test DB first); 4) confirm the psql binary requirement and network access rules (which hosts/ports the skill will connect to); and 5) consider alternative designs that don't require direct DB credentials in the agent (e.g., a backend service or sanitized API). If the developer cannot supply these clarifications, treat the skill as unsafe to enable with access to any production database or sensitive meeting content.
功能分析
Type: OpenClaw Skill
Name: andara-meeting-minutes
Version: 1.0.0
The skill is highly vulnerable to SQL and shell injection attacks because it instructs the agent to execute bash commands using 'psql' with unvalidated user input (SKILL.md). While the stated purpose of saving meeting minutes is legitimate, the construction of shell strings using placeholders like 'TOPIC' and 'SUMMARY' without sanitization allows for potential command execution or database manipulation if a user provides crafted input.
能力评估
Purpose & Capability
The skill's purpose (capture meeting summaries/action items) legitimately may need a database. However, the SKILL.md expects a PostgreSQL connection (psql + $DATABASE_URL) even though the skill metadata declares no required env vars or binaries. That mismatch is incoherent: a DB URL and psql are expected for the stated functionality but are not declared.
Instruction Scope
Instructions tell the agent to parse user messages and execute psql commands via bash with data interpolated into SQL. The examples show direct substitution of parsed text into SQL executed in a shell, which is vulnerable to SQL injection and could leak arbitrary message contents to any database the agent can reach. The instructions do not specify input sanitization, parameterized queries, or limits on what is stored.
Install Mechanism
There is no install spec (instruction-only), which lowers install risk, but the runtime depends on the psql client being present and a reachable PostgreSQL endpoint. The metadata did not declare psql as a required binary or provide an install path, creating an operational and security blind spot.
Credentials
The SKILL.md relies on $DATABASE_URL (a credential/connection string) but the skill declares no required environment variables or primary credential. Requesting access to a database connection is proportionate for storing meetings, but the omission in metadata is a mismatch and a red flag—users would not be prompted to provide or review the DB credential beforehand.
Persistence & Privilege
always is false and the skill is user-invocable; it does not request permanent 'always' presence or other elevated platform privileges. Autonomous invocation is allowed (platform default) but not in itself unusual.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install andara-meeting-minutes - 安装完成后,直接呼叫该 Skill 的名称或使用
/andara-meeting-minutes触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of andara-meeting-minutes skill:
- Captures meeting summaries and action items from voice or text cues.
- Extracts topic, attendees, decisions, and action items from user input.
- Saves meeting data and action items to PostgreSQL database.
- Confirms successful saving and provides a structured summary reply in German.
元数据
常见问题
Andara Meeting Minutes 是什么?
Capture meeting summaries and action items from voice or text. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 210 次。
如何安装 Andara Meeting Minutes?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install andara-meeting-minutes」即可一键安装,无需额外配置。
Andara Meeting Minutes 是免费的吗?
是的,Andara Meeting Minutes 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Andara Meeting Minutes 支持哪些平台?
Andara Meeting Minutes 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Andara Meeting Minutes?
由 atiati82(@atiati82)开发并维护,当前版本 v1.0.0。
推荐 Skills