wecom-meeting-create

Warn

Audited by Socket on Mar 21, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS: The core behavior matches meeting scheduling, but the skill has notable trust and scope issues. It requires an unspecified MCP tool and a second skill with no verifiable provenance in the skill text, fetches the full visible contact list to resolve invitees, and authorizes creating meetings without confirmation. No clear credential theft or malicious exfiltration is evident, but the transitive trust chain and broad directory access raise medium risk.

Confidence: 85%Severity: 54%
Audit Metadata
Analyzed At
Mar 21, 2026, 04:46 PM
Package URL
pkg:socket/skills-sh/stvlynn%2Fqclaw-skills%2Fwecom-meeting-create%2F@1c1236fe7f12a0ee8ca1c6f910bdf03b1a348a4f
Security Audit — socket — wecom-meeting-create