← 返回 Skills 市场
Zoom Meeting Assistance Rtms Unofficial Community
作者
Tan Chun Siong
· GitHub ↗
· v0.1.3
2287
总下载
1
收藏
0
当前安装
4
版本数
在 OpenClaw 中安装
/install zoom-meeting-assistance-with-rtms-unofficial-community-skill
功能描述
Zoom RTMS Meeting Assistant — start on-demand to capture meeting audio, video, transcript, screenshare, and chat via Zoom Real-Time Media Streams. Handles meeting.rtms_started and meeting.rtms_stopped webhook events. Provides AI-powered dialog suggestions, sentiment analysis, and live summaries with WhatsApp notifications. Use when a Zoom RTMS webhook fires or the user asks to record/analyze a meeting.
安全使用建议
This skill appears to do what it claims (record RTMS streams, run local AI analysis, and notify via OpenClaw), but the packaging has gaps and the data flows have privacy implications. Before installing: 1) Treat it as untrusted third‑party code — review index.js and chatWithClawdbot.js (they call openclaw and ffmpeg). 2) Verify required environment variables (ZOOM_SECRET_TOKEN, ZOOM_CLIENT_ID, ZOOM_CLIENT_SECRET, OPENCLAW_NOTIFY_TARGET, OPENCLAW_BIN) and ensure the registry entry is updated — the published metadata currently omits them. 3) Confirm where notifications will be sent (OPENCLAW_NOTIFY_TARGET) and disable notifications during testing. 4) Run in a sandbox or isolated VM; do not expose the webhook port publicly until you verify request validation and consent policies. 5) Check for the auxiliary files the code reads (e.g., sps_pps_keyframe.h264, black_frame.h264) and ensure they come from a trusted source. 6) If you plan to record meetings, ensure you have participant consent and that storing transcripts/media locally complies with policy/regulation. If you are not comfortable auditing the code or managing the OpenClaw binary and webhook exposure, do not deploy this skill in production.
功能分析
Type: OpenClaw Skill
Name: zoom-meeting-assistance-with-rtms-unofficial-community-skill
Version: 0.1.3
The skill is classified as suspicious due to its use of `child_process.execFile` and `child_process.exec` in `chatWithClawdbot.js`, `convertMeetingMedia.js`, and `muxMixedAudioAndActiveSpeakerVideo.js` to execute external binaries (`openclaw` and `ffmpeg`). While these are used for the stated purpose of AI processing and media conversion, they represent broad capabilities that could be exploited if the `OPENCLAW_BIN` environment variable is compromised or if the `openclaw` CLI itself has vulnerabilities. Additionally, the skill employs extensive prompt engineering in files like `summary_prompt.md` and `query_prompt.md` to strictly control the AI agent's output format and behavior, which, while intended for functionality, highlights a significant prompt injection attack surface against the AI agent.
能力评估
Purpose & Capability
The skill is clearly a Zoom RTMS recorder + local AI analysis pipeline (connects to RTMS WebSockets, saves media, runs OpenClaw for analysis, and sends WhatsApp notifications). That capability justifies Zoom webhook tokens, a Zoom app client ID/secret, ffmpeg, and an OpenClaw binary. However the registry metadata claims “Required env vars: none” and “Required binaries: none” while SKILL.md and the code require ZOOM_SECRET_TOKEN, ZOOM_CLIENT_ID, ZOOM_CLIENT_SECRET, ffmpeg, and an OpenClaw binary/target. This metadata mismatch is an incoherence that could mislead users about the privileges the skill needs.
Instruction Scope
SKILL.md instructs running a local Node server, receiving Zoom webhook events, connecting to RTMS, writing transcripts/media to disk, and periodically calling OpenClaw for dialog suggestions, sentiment, and summaries. Those steps are within the stated purpose. Important runtime actions to note: (1) the service persists raw media and text recordings under the skill folder; (2) it invokes local binaries (openclaw and ffmpeg) and will send meeting content out via OpenClaw notifications (WhatsApp) if configured. Those flows are expected for the feature but are high-impact for privacy—the instructions do not strongly call out consent or destination controls.
Install Mechanism
There is no formal install spec in the registry, but a package.json + package-lock.json are included and SKILL.md instructs npm install and running node index.js. Dependencies are standard npm packages (express, ws, sharp, pdfkit, etc.) — no remote arbitrary URL downloads were found. Still, the skill expects external system binaries (ffmpeg and a local openclaw CLI) that are not enforced by the registry metadata; missing auxiliary files referenced by code (e.g., sps_pps_keyframe.h264, black_frame.h264) are read directly and are not listed, which may cause runtime errors or require the user to supply files.
Credentials
The code and SKILL.md require sensitive environment values (ZOOM_SECRET_TOKEN, ZOOM_CLIENT_ID, ZOOM_CLIENT_SECRET) and an OPENCLAW_NOTIFY_TARGET (phone number) while the registry metadata omitted declaring required envs/primary credential. The skill will send meeting transcripts and AI outputs to the OpenClaw agent and (if configured) to external notification channels like WhatsApp — this is functionally coherent but represents significant data exfiltration risk if misconfigured or used without consent. The number and sensitivity of required secrets are proportionate to the feature, but the lack of declared requirements in the registry is a red flag.
Persistence & Privilege
The skill runs a long‑running HTTP server that accepts incoming webhook traffic and stores recordings on disk under the skill folder. It is not marked always:true and does not appear to modify other skills. Still, running an exposed webhook receiver and writing raw media/transcripts locally is a substantial persistence/privilege footprint: ensure the endpoint is gated, webhooks are validated, and access to the recordings directory is controlled.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install zoom-meeting-assistance-with-rtms-unofficial-community-skill - 安装完成后,直接呼叫该 Skill 的名称或使用
/zoom-meeting-assistance-with-rtms-unofficial-community-skill触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.3
- Replaced all references to Clawdbot with OpenClaw for AI-powered analysis and notifications.
- Changed environment variable names from CLAWDBOT_NOTIFY_CHANNEL / CLAWDBOT_NOTIFY_TARGET to OPENCLAW_NOTIFY_CHANNEL / OPENCLAW_NOTIFY_TARGET.
- Updated documentation and configuration details to match the new OpenClaw integration.
- No changes to meeting recording or processing behavior.
v0.1.2
- Updated SKILL.md to remove documentation for unused environment variables (`WEBHOOK_PATH`, `WEBSOCKET_URL`, `AI_PROVIDER`, `OPENROUTER_API_KEY`, `OPENROUTER_MODEL`)
- Environment variable reference is now slimmer and matches current code behavior
- No functional changes to the skill; documentation only
v0.1.1
- Recordings are now organized by date for easier navigation; summaries are copied to a central summaries folder.
- New post-meeting automation: mixed audio and active speaker video are muxed into a final MP4 automatically—manual scripts are rarely needed.
- Introduced a new helper script, `muxMixedAudioAndActiveSpeakerVideo.js`, replacing the old audio/video mux script.
- Added persistent meeting metadata (`metadata.json`) in each recording for tracking meeting info.
- Documentation now emphasizes starting the service before forwarding webhooks, with troubleshooting guidance.
- SKILL.md updated: improved file structure documentation, clarified search examples, and expanded AI prompt customization tips.
v0.1.0
Initial release of Zoom RTMS Meeting Assistant.
- Handles Zoom Real-Time Media Streams (RTMS) and processes meeting webhook events.
- Captures audio, video, transcript, screenshare, and chat from Zoom meetings.
- Provides AI-powered dialog suggestions, sentiment analysis, and meeting summaries.
- Supports WhatsApp notifications for meeting updates and summaries.
- Stores recordings and analysis in organized folders for easy search and access.
- Includes API endpoints and manual scripts for post-meeting media processing.
元数据
常见问题
Zoom Meeting Assistance Rtms Unofficial Community 是什么?
Zoom RTMS Meeting Assistant — start on-demand to capture meeting audio, video, transcript, screenshare, and chat via Zoom Real-Time Media Streams. Handles meeting.rtms_started and meeting.rtms_stopped webhook events. Provides AI-powered dialog suggestions, sentiment analysis, and live summaries with WhatsApp notifications. Use when a Zoom RTMS webhook fires or the user asks to record/analyze a meeting. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 2287 次。
如何安装 Zoom Meeting Assistance Rtms Unofficial Community?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install zoom-meeting-assistance-with-rtms-unofficial-community-skill」即可一键安装,无需额外配置。
Zoom Meeting Assistance Rtms Unofficial Community 是免费的吗?
是的,Zoom Meeting Assistance Rtms Unofficial Community 完全免费(开源免费),可自由下载、安装和使用。
Zoom Meeting Assistance Rtms Unofficial Community 支持哪些平台?
Zoom Meeting Assistance Rtms Unofficial Community 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Zoom Meeting Assistance Rtms Unofficial Community?
由 Tan Chun Siong(@tanchunsiong)开发并维护,当前版本 v0.1.3。
推荐 Skills