zoom-meeting-admin

Pass

Audited by Gen Agent Trust Hub on Jun 5, 2026

Risk Level: SAFECREDENTIALS_UNSAFECOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The file .env.sample contains hardcoded example strings for ZOOM_ACCOUNT_ID, ZOOM_CLIENT_ID, and ZOOM_CLIENT_SECRET. Although these are intended as documentation placeholders, users must replace them with their own credentials in a secure .env file that is excluded from version control.
  • [COMMAND_EXECUTION]: The skill uses python3 to run a local script (scripts/zoom-s2s.py) which handles meeting management tasks. The script takes user-supplied arguments for meeting details and incorporates them into structured API requests.
  • [DATA_EXFILTRATION]: The script reads sensitive credentials from the local filesystem and transmits them to Zoom's official domains (zoom.us and api.zoom.us) to perform authorized actions. This behavior is the intended core functionality of the skill.
  • [SAFE]: The skill enforces strong security measures, such as tightening file permissions on the cached token (chmod 600) and requiring explicit user confirmation for the delete_meeting action, reducing the risk of accidental or unauthorized data loss.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 5, 2026, 02:13 PM
Security Audit — agent-trust-hub — zoom-meeting-admin