← 返回 Skills 市场
netanel-abergel

meeting-notetaker

作者 Netanel Abergel · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
85
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install meeting-notetaker
功能描述
Fetch and present meeting notes from monday.com Notetaker, or show the next upcoming meeting with full context prep. Use when: asked to summarize a meeting,...
安全使用建议
This skill's instructions explicitly tell the agent to 'source' a local .context file and to read Google Calendar credentials from a hardcoded path, but the skill metadata declares no required secrets or config paths. Sourcing a file can run arbitrary shell code and will expose any variables or secrets inside it. Before installing or enabling this skill: 1) ask the publisher to update the manifest to declare required config paths and credentials (and explain why each is needed), 2) inspect the actual .context and credentials files the skill will read to ensure they contain only expected configuration (not executable code or unrelated secrets), 3) confirm that the MCP tools referenced (get_notetaker_meetings, monday-api-mcp__create_item) exist and are trusted, and 4) if you cannot verify these, avoid enabling the skill or run it in an isolated/test account. The mismatch between declared requirements and runtime behavior is the main concern.
功能分析
Type: OpenClaw Skill Name: meeting-notetaker Version: 1.0.0 The skill is classified as suspicious because it explicitly instructs the AI agent to bypass standard tool abstractions and directly read sensitive credential files located at `/opt/ocana/openclaw/.gog/credentials.json` and a local `.context` file in `SKILL.md`. While these actions are framed as necessary workarounds for fetching calendar data and meeting notes, direct file-system access to credentials and environment variables represents a high-risk pattern that could be exploited. No evidence of intentional data exfiltration to unauthorized endpoints was found, but the instructions grant the agent excessive privilege over system-level secrets.
能力评估
Purpose & Capability
The described purpose (fetch monday.com Notetaker meeting notes and optionally prepare 'next meeting' context) is reasonable, but the SKILL.md requires access to local Google Calendar credentials (/opt/ocana/openclaw/.gog/credentials.json) and a local .context file. The skill metadata declares no required env vars or config paths, so the runtime requirements do not match the manifest. Requesting Google Calendar access is coherent for 'next meeting' mode, but it should be declared explicitly; the current mismatch is unexplained.
Instruction Scope
The instructions tell the agent to source a local file (.context) and to directly use Google Calendar API with credentials from a hardcoded local path. Sourcing arbitrary files (source "$CONTEXT_FILE") can execute code and expose any variables in that file. The SKILL.md also references MCP tools (get_notetaker_meetings, monday-api-mcp__create_item) without declaring them. The instructions therefore access local secrets and execute shell operations outside the stated manifest scope.
Install Mechanism
No install spec or code files are included; the skill is instruction-only, so there is nothing being downloaded or installed by the manifest itself.
Credentials
The manifest lists no required environment variables or config paths, yet runtime instructions expect OWNER_EMAIL, CALENDAR_ID, GOG_CREDS and a specific credentials file. That is disproportionate and opaque: a skill that needs Google credentials should declare them explicitly and justify access. The implicit expectation that sensitive credential files exist at hardcoded paths is a red flag.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges in metadata. However, because it instructs the agent to read local credential files and source a local .context file, an autonomously-invoked agent could access those secrets whenever the skill runs. This is a notable operational risk even though 'always' is false.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install meeting-notetaker
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /meeting-notetaker 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial publish from Heleni workspace
元数据
Slug meeting-notetaker
版本 1.0.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 1
常见问题

meeting-notetaker 是什么?

Fetch and present meeting notes from monday.com Notetaker, or show the next upcoming meeting with full context prep. Use when: asked to summarize a meeting,... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 85 次。

如何安装 meeting-notetaker?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install meeting-notetaker」即可一键安装,无需额外配置。

meeting-notetaker 是免费的吗?

是的,meeting-notetaker 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

meeting-notetaker 支持哪些平台?

meeting-notetaker 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 meeting-notetaker?

由 Netanel Abergel(@netanel-abergel)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463556 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259610 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200551 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191226 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190235 · by oswalpalash

💬 留言讨论