Google Meet

Security checks across malware telemetry and agentic risk

Overview

This official Google Meet plugin has sensitive meeting-control features, but the artifacts are coherent with that purpose and do not show deception or malware behavior.

Install only if you want OpenClaw to join and operate in Google Meet calls. Review OAuth scopes, keep refresh tokens and voice-call tokens restricted, avoid untrusted custom audio commands, and use transcribe or disable auto-join/microphone automation when you want a more conservative setup.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (6)

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The automation script can click through Meet microphone-related prompts automatically, changing browser/UI state without explicit user confirmation at the point of action. Even if intended to streamline setup, silently accepting prompts can surprise users, weaken informed consent, and mask permission-related actions during remote browser control.

Missing User Warnings

Severity: High
Confidence: 96%
Finding
This function can terminate an active Google Meet conference via API immediately after resolving the meeting space, with no confirmation, secondary authorization, or safety interlock visible in this file. If exposed through an agent skill or triggered unexpectedly, it could disrupt live meetings and cause denial of service for participants.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The export flow writes transcripts, attendance, smart notes, and raw JSON artifacts to disk and optionally zips them, but the command provides no user-facing warning, confirmation, permission hardening, or redaction safeguards. In this context the data is highly sensitive meeting content, so accidental disclosure via shared workstations, backups, or permissive filesystem access is realistic.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The function automatically calls join() on a created meeting URL using runtime-supplied transport and dialing parameters, without any explicit confirmation gate in this code path. In an agent skill context, that can cause unintended meeting entry or dialing behavior, creating privacy, consent, and unauthorized-access risks if invoked by a prompt, automation, or untrusted caller.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding
The plugin executes configured audio bridge commands via spawn/spawnSync, and those commands come from plugin configuration without any allowlist or trust boundary enforcement. In a hostile or multi-tenant configuration environment, an attacker who can influence config can achieve arbitrary local command execution on the host or paired node.

Missing User Warnings

Severity: Medium
Confidence: 84%
Finding
The browser automation can auto-fill guest names, click Join, toggle microphone state, and route audio output inside Google Meet. Even though this is core functionality for the plugin, it performs impactful actions in a live communications context and could join or alter meeting state without strong per-action confirmation, increasing the risk of unintended participation or privacy issues.

VirusTotal

62/62 vendors flagged this plugin as clean.
