Meeting Prep Agent

Never walk into a meeting unprepared again. Your agent researches all attendees before calendar events—pulling LinkedIn profiles, recent company news, mutual connections, and conversation starters. Generates a briefing doc with talking points, icebreakers, and context so you show up informed and confident. Triggered automatically before meetings or on-demand. Configure research depth, advance timing, and output format. Walking into meetings blind is amateur hour—missed connections, generic small talk, zero leverage. Use when setting up meeting intelligence, researching specific attendees, generating pre-meeting briefs, or automating your prep workflow.

This skill is not outright malicious, but there are important inconsistencies and privacy implications to consider before enabling it: - The description promises live web research (LinkedIn profiles, mutual connections, recent news), but the included scripts currently produce mock data rather than performing web fetches. That could mean the skill is a template/incomplete or that real web-scraping/network code may be added later. Treat the current package as a scaffolding, not a finished scraper. - The skill relies on the 'gog' calendar integration and will create config and brief files under ~/.config/meeting-prep. Review those files and the paths before permitting automated runs. If you enable cron-based auto-prep, the scripts will run on a schedule and write briefs/logs locally. - If you plan to use real LinkedIn/company data, ask how that data will be fetched: does the skill call external services, a third-party server, or local CLI tools? If real network calls are added, check what endpoints are contacted and whether any credentials (LinkedIn/CRM/API tokens) are requested or stored. - Safe steps before enabling permanently: 1) Run scripts/setup.sh and then run prep.sh with --dry-run to inspect outputs and ensure nothing unexpected runs. The scripts support --dry-run. 2) Inspect ~/.config/meeting-prep for generated files and confirm their contents are acceptable. 3) If network-enabled research is required, request a version that explicitly documents which services/endpoints it uses and what credentials (if any) it needs; avoid giving third-party tokens unless you trust the source. 4) Because the skill's source/homepage are unknown, prefer local dry-runs and review the code yourself or with a trusted engineer before enabling cron-based auto-prep. What would change this assessment: if you provide evidence that the skill actually performs live web fetches and those fetches go only to public sources (and no secret exfiltration occurs), and/or the package documents and declares any additional required credentials (LinkedIn/CRM/API) and the install mechanisms, the verdict could move toward benign. Conversely, if future commits add network calls to untrusted endpoints or request unrelated credentials, treat the skill as higher risk.

Type: OpenClaw Skill Name: meeting-prep-agent Version: 1.1.0 The skill is classified as suspicious due to a critical shell injection vulnerability found in `scripts/prep.sh`. The script processes attendee emails from the `$TARGET` variable (which can be user-controlled input) by piping them through `cut`, `sed`, and `awk` without proper sanitization. This allows an attacker to inject and execute arbitrary shell commands by crafting a malicious email address (e.g., `[email protected]; malicious_command_here`). This vulnerability could lead to Remote Code Execution (RCE) on the host system where the agent runs. While the skill's stated purpose is benign, this flaw allows for malicious exploitation.