Security Audit

zoom-meeting-assistance-rtms-unofficial-community

github.com/openclaw/skills

AI SkillCommit 13146e6a3d46

CRITICAL

Scanned about 2 months ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

zoom-meeting-assistance-rtms-unofficial-community received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.

SkillShield's automated analysis identified 6 findings: 3 critical, 1 high, 2 medium, and 0 low severity. Key findings include Arbitrary command execution, Unpinned npm dependency version, Prompt Injection via Untrusted Transcript Data.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 40/100, indicating areas for improvement.

Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

40%

Static Code Analysis

100%

Dependency Graph

93%

LLM Behavioral Safety

48%

Behavioral Risk Signals

Filesystem Write

2 findings

Shell Execution

4 findings

Dynamic Code

3 findings

Security Findings6

Severity	Finding	Layer	Location
CRITICAL	Arbitrary command execution Node.js synchronous shell execution Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands.	Manifest	skills/tanchunsiong/zoom-meeting-assistance-with-rtms-unofficial-community-skill/chatWithClawdbot.js:28
CRITICAL	Arbitrary command execution Node.js synchronous shell execution Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands.	Manifest	skills/tanchunsiong/zoom-meeting-assistance-with-rtms-unofficial-community-skill/chatWithClawdbot.js:49
CRITICAL	Prompt Injection via Untrusted Transcript Data The skill processes meeting transcripts, which are user-generated content from meeting participants, and passes them directly as the `--message` argument to the `openclaw` AI agent binary. If the `openclaw` binary is an LLM, this constitutes a direct prompt injection vulnerability. Malicious meeting participants could craft specific phrases in their speech to manipulate the AI's behavior, extract sensitive information, or bypass safety mechanisms. Implement robust sanitization or a dedicated LLM input parser for all user-generated content (like transcripts) before it is passed to the `openclaw` AI agent. This might involve filtering out known prompt injection keywords, using a structured input format, or employing an LLM-specific input validation library to prevent malicious instructions from being interpreted as part of the AI's directives.	LLM	chatWithClawdbot.js:86
HIGH	Command Injection in FFmpeg Calls In `convertMeetingMedia.js`, the `file` variable, which is obtained from `fs.readdirSync` and represents filenames within a recording directory, is directly interpolated into `ffmpeg` shell commands. The `exec` function (used via `promisify(exec)`) invokes a shell, making it vulnerable to command injection. Although the `streamId` (which forms the directory name) is sanitized, the `file` names themselves are not. If an attacker can introduce a file with a malicious name (e.g., containing shell metacharacters like `"; rm -rf /;"`) into a recording directory, this could lead to arbitrary command execution on the host system. When constructing shell commands, all variables derived from untrusted sources (including filenames from user-controlled directories) must be properly escaped for the shell. For `ffmpeg`, consider using an `ffmpeg` library that handles argument escaping or manually escape arguments using a function that correctly quotes shell arguments, or preferably, use `child_process.spawn` with arguments passed as an array to avoid shell interpretation entirely.	LLM	convertMeetingMedia.js:30
MEDIUM	Unpinned npm dependency version Dependency 'dotenv' is not pinned to an exact version ('^16.4.1'). Pin dependencies to exact versions to reduce drift and supply-chain risk.	Dependencies	skills/tanchunsiong/zoom-meeting-assistance-with-rtms-unofficial-community-skill/package.json
MEDIUM	Path Traversal / File Overwrite via Unsanitized User ID In `saveRawAudioAdvance.js`, the `user_id` obtained from the RTMS stream (which is untrusted input) is used directly as part of a filename without being sanitized. An attacker could inject path traversal sequences (e.g., `../../`) into the `user_id` to write raw audio data to arbitrary locations on the file system, potentially overwriting critical system files, leading to data exfiltration, or causing a denial of service. Apply the `sanitizeFileName` function (already present in `tool.js`) to the `user_id` variable before using it to construct file paths. This will prevent path traversal and ensure that only valid, safe characters are used in filenames.	LLM	saveRawAudioAdvance.js:12

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/c7b068c56b20fbbf.svg)](https://skillshield.io/report/c7b068c56b20fbbf)