meeting-recorder

Warn

Audited by Socket on Apr 1, 2026

2 alerts found:

Anomaly x2

Anomaly LOW
SKILL.md

SUSPICIOUS. The core capabilities fit a meeting transcription skill, but trust is weakened by an unverified setup script and an unspecified prerequisite Chrome automation skill. Data flow is mostly coherent and local, with moderate risk from transitive trust, plaintext localhost transport, and autonomous meeting participation.

Confidence: 81%, Severity: 61%

Anomaly LOW
scripts/meeting-recorder-setup/meeting-transcriber.py

This module is a transcription client/recorder that streams live audio from stdin to a configurable WebSocket endpoint (SPEACHES_URL) and writes returned transcripts and keyword-based mention detections to local files. There are no strong indicators of malware (no obfuscation, no dynamic code execution, no subprocesses, no credential theft), but it has meaningful security/privacy risk due to continuous audio exfiltration to an external network destination and potentially unsafe filesystem path handling via unsanitized meeting_id (affecting directory/symlink targets). Use of ws:// (non-TLS) and sensitive stderr logging further increase exposure if misconfigured.

Confidence: 62%, Severity: 66%

Audit Metadata
Analyzed At: Apr 1, 2026, 02:05 PM
Package URL: pkg:socket/skills-sh/cevatkerim%2Fclaude-skills%2Fmeeting-recorder%2F@7e8c9e83760f39c1abc687a7ad5c8937486f39a4