Security Audit
zoom-automation
github.com/sickn33/antigravity-awesome-skillsTrust Assessment
zoom-automation received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Skill grants ability to permanently delete Zoom cloud recordings.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit e36d6fd3). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Skill grants ability to permanently delete Zoom cloud recordings The skill exposes the `ZOOM_DELETE_MEETING_RECORDINGS` tool, which, when used with the `action: "delete"` parameter, allows for the permanent and irreversible deletion of cloud recordings. Granting an AI agent this level of destructive capability without explicit user confirmation or robust safeguards in the orchestrating system poses a significant risk of data loss. While the default action is 'trash', the 'delete' option is clearly documented and available. 1. Implement strict access controls or user confirmation prompts before allowing the AI agent to execute `ZOOM_DELETE_MEETING_RECORDINGS` with `action: "delete"`. 2. Consider restricting the `action` parameter to `"trash"` by default or requiring a higher-level authorization for permanent deletion. 3. Ensure the agent's prompt engineering guides it to prefer `"trash"` over `"delete"` unless explicitly instructed by the user. | LLM | SKILL.md:104 |
Scan History
Embed Code
[](https://skillshield.io/report/f064b0d45bfe09df)
Powered by SkillShield