Is daniil-ctrl/fireflies safe?
https://github.com/openclaw/skills/tree/main/skills/daniil-ctrl/fireflies
The daniil-ctrl/fireflies skill is clean, documentation-only code that accurately describes how to query the Fireflies.ai GraphQL API. No prompt injection, malicious code, unauthorized local file access, or exfiltration attempts are present in the skill itself. The primary risk is the sensitivity of the data the skill grants access to — full meeting transcripts, audio/video recordings, participant contact lists, and real-time meeting metadata — which makes this skill a high-value capability that warrants careful use-case review before deployment in an agent with broad tool access.
Findings (5)
MEDIUM (-22): Full meeting transcript, recording URL, and contact access
The skill exposes GraphQL queries that retrieve complete verbatim transcripts (every spoken sentence with speaker attribution), time-limited audio/video download URLs, full participant and organizer email lists, and organizational contact books. This constitutes comprehensive access to an organization's meeting intelligence. A misdirected or compromised agent could systematically exfiltrate this data without user awareness.
MEDIUM (-20): Repeated reads of all credential honeypot files pre- and post-installation
Auditd PATH syscall records show that all six honeypot credential files were opened for reading both approximately 5 seconds before the git clone began and approximately 5 seconds after installation completed. File contents were confirmed intact, and the timing pattern is consistent with the monitoring harness performing baseline and post-install integrity sweeps; however, the audit cannot rule out that a transient process spawned during installation performed reconnaissance reads.
LOW (-28): Unofficial third-party integration; not published by Fireflies.ai
The skill is authored by 'Uploadify' under the GitHub handle 'daniil-ctrl' and has no affiliation with Fireflies.ai Inc. While the content is accurate and benign, users should understand there is no official vendor review, and future updates to the skill in the openclaw/skills monorepo are outside Fireflies.ai's control.
LOW (0): Full-corpus keyword search enables covert organizational intelligence gathering
The transcripts(keyword, scope:'ALL') query searches sentence-level text across every recorded meeting in the workspace. An attacker who can influence agent prompts could silently sweep meeting history for sensitive terms without surfacing the operation to the user in a meaningful way.
INFO (-3): External binary dependencies (curl, jq) required
The skill documents a dependency on the curl and jq system binaries, which are standard utilities. They pose no security risk in themselves, but users in restricted environments should note that both must be present.