← 返回 Skills 市场
zeron-g

Meeting Assistant

作者 Rongze Gao · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
277
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install meeting-assistant-eva
功能描述
Zoom/Teams/Meet 远程会议AI助手。Use when: user asks to join a meeting, monitor a meeting, record a meeting, assist in a medical consultation, help doctor-patient co...
安全使用建议
Before installing or running this skill, consider the following: 1) Do not run it on a production machine or one with sensitive data — use an isolated VM or disposable environment. 2) The repo embeds tokens and secrets in config.json and docker-compose (Vexa API token, ADMIN_API_TOKEN, ZOOM_CLIENT_SECRET). Treat these as leaked credentials: rotate or remove them and replace with your own secrets stored securely (not committed). 3) The skill records audio, chat, and screenshots and can operate in a 'medical' mode that may collect PHI. Confirm legal/compliance requirements (consent, retention, encryption) and add enforced encryption/ACLs for recordings before using. 4) The skill sends data to Anthropic/Claude and runs third-party containers; verify you are comfortable with that network exposure and review the container images (vexaai/vexa-lite, fedirz/faster-whisper-server) before pulling. 5) If you plan to use it, remove hardcoded secrets, set ANTHROPIC_API_KEY securely, audit containers for unexpected network egress, and test in an isolated environment. 6) If you cannot inspect or validate the embedded tokens and images, do not install — contact the skill author or obtain a vetted distribution.
功能分析
Type: OpenClaw Skill Name: meeting-assistant-eva Version: 1.0.0 The meeting-assistant-eva skill provides a complex AI-powered meeting bot that joins Zoom, Teams, and Google Meet sessions to record audio, capture screenshots, and interact via chat. While these capabilities are aligned with its stated purpose, the skill possesses high-risk behaviors including system-level audio/screen capture (scripts/audio_capture.py, scripts/meeting_monitor.py) and extensive subprocess execution. A significant vulnerability exists in scripts/claude_client.py, where meeting transcripts and chat messages from untrusted participants are directly incorporated into prompts sent to the Claude AI, creating a high-risk surface for prompt injection attacks. Additionally, it relies on a third-party Dockerized service (Vexa) and hardcoded credentials in config.json and docker-compose.yml.
能力评估
Purpose & Capability
The code and documentation match the stated purpose: joining meetings, reading chat, transcribing audio, taking screenshots, and calling Anthropic (Claude) for analysis. However, the repository contains Docker and config files that embed service credentials (Vexa API key, Zoom client secret, admin tokens) and references to local tooling (conda path, Windows path copies). The presence of those credentials in config/docker-compose is disproportionate to a simple SKILL.md-only descriptor and should be treated as potential leaked/embedded secrets.
Instruction Scope
Runtime instructions explicitly tell the agent to join meetings as a bot, poll meeting chat, capture screenshots and audio, persist transcripts/screenshots/analysis to disk, and (in medical mode) highlight prescriptions/diagnoses. That scope is consistent with the description, but it also means the skill will collect potentially sensitive personal health information (PHI) and recordings. The SKILL.md and docs mention 'recordings' and 'encrypted storage' as a guideline but do not enforce or implement encryption, access control, or retention policies. The instructions also direct network traffic to external services (Anthropic API) and local Docker endpoints (vexa/whisper), which is expected but increases data exposure.
Install Mechanism
There is no formal install spec in the registry metadata (instruction-only), but the package includes a docker-compose.yml that will pull multiple public images (vexaai/vexa-lite, fedirz/faster-whisper-server, postgres, python). Pulling and running those images will execute third-party binaries/containers on the host. That is expected for a local meeting-bot, but it is higher friction and higher-risk than an instruction-only text skill because arbitrary container images will run on your machine. The compose file also mounts a host path (Windows temp) into a container for whisper_proxy, which requires care.
Credentials
Registry metadata declared no required env vars or primary credential, but the included config.json and docker-compose embed multiple sensitive values: a Vexa user token (dGosC39...), ADMIN_API_TOKEN, ZOOM_CLIENT_ID and ZOOM_CLIENT_SECRET, TRANSCRIBER API keys, and placeholders for ANTHROPIC_API_KEY. These credentials are present in repo files and compose env blocks, yet the skill metadata did not declare them. That mismatch is a significant red flag: either the repo accidentally includes real credentials, or it expects secrets but fails to declare them. Additionally, the skill handles PHI in 'medical' mode, which increases required protection for stored data; no robust protection is implemented in the files reviewed.
Persistence & Privilege
The skill runs background processes (daemon via subprocess.Popen), stores state files (.assistant_state.json, .assistant_daemon.log) and session recordings/transcripts/screenshots under recordings/. It does not request always:true and is not marked to be force-included, but because it can be invoked autonomously (normal default), its ability to spawn processes and persist recordings increases the blast radius if misused. The code also suggests integration with other local skills (pc-control, TTS, agent-browser), which grants it broader control of the host if those integrations are present.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install meeting-assistant-eva
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /meeting-assistant-eva 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release: AI-powered Zoom/Teams/Meet bot with real-time transcription, Claude AI chat replies, and medical assistant mode
元数据
Slug meeting-assistant-eva
版本 1.0.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 1
常见问题

Meeting Assistant 是什么?

Zoom/Teams/Meet 远程会议AI助手。Use when: user asks to join a meeting, monitor a meeting, record a meeting, assist in a medical consultation, help doctor-patient co... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 277 次。

如何安装 Meeting Assistant?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install meeting-assistant-eva」即可一键安装,无需额外配置。

Meeting Assistant 是免费的吗?

是的,Meeting Assistant 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Meeting Assistant 支持哪些平台?

Meeting Assistant 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Meeting Assistant?

由 Rongze Gao(@zeron-g)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463556 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259610 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200551 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191226 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190235 · by oswalpalash

💬 留言讨论