indigoai-us/hq-cowork-meetings
core/packages/hq-pack-cowork/skills/hq-cowork-meetings/SKILL.md
Read HQ meeting intelligence (recorded meetings, attached sources, extracted signals) from a sandboxed Claude Code plugin host (Cowork) via the host-side `mcp__hq__hq_meetings`, `mcp__hq__hq_sources`, and `mcp__hq__hq_signals` tools. List/get/search meetings, pull transcripts and AI notes, browse sources (meeting/email/slack/linear/notion) and signals (action_item/commitment/decision/key_point/risk/summary). Read-only; routed through hq-pack-cowork's MCP server.
$ install --global
skillsauthnpx skillsauth add indigoai-us/hq-core hq-cowork-meetingsInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Jun 4, 2026, 5:07 AM188.8s1 file scanned
SKILL.md
- name:
- hq-cowork-meetings
- description:
- Read HQ meeting intelligence (recorded meetings, attached sources, extracted signals) from a sandboxed Claude Code plugin host (Cowork) via the host-side `mcp__hq__hq_meetings`, `mcp__hq__hq_sources`, and `mcp__hq__hq_signals` tools. List/get/search meetings, pull transcripts and AI notes, browse sources (meeting/email/slack/linear/notion) and signals (action_item/commitment/decision/key_point/risk/summary). Read-only; routed through hq-pack-cowork's MCP server.
- allowed-tools:
- mcp__hq__hq_meetings, mcp__hq__hq_sources, mcp__hq__hq_signals
/hq-cowork-meetings — Read meeting intelligence from a sandboxed agent
Reads recorded meetings, their source material, and extracted signals from
inside Cowork, where the hq CLI is unreachable. Routes through the
host-side MCP server. All three tools are read-only.
Args: $ARGUMENTS — what to read (a meeting, a transcript, action items,
etc.). Pick the right tool below from intent.
Meetings — mcp__hq__hq_meetings
| Action | Purpose | Needs |
|---|---|---|
| list | Recorded meetings, newest first | limit optional (default 20) |
| get | Details for one meeting | meetingId |
| search | Match by title / participant | query |
| transcript | Full transcript | meetingId |
| notes | AI-generated notes | meetingId |
{ "action": "notes", "meetingId": "<id>", "company": "<slug>", "json": false }
Sources — mcp__hq__hq_sources
Source material (meeting / email / slack / linear / notion) attached to a vault entity.
| Action | Purpose | Needs |
|---|---|---|
| channels | Enumerate canonical channels | — |
| entities | Entities you can access | — |
| list | Sources for an entity, by channel | entity optional, type optional |
| get | One source by id | id (+ entity/type) |
Signals — mcp__hq__hq_signals
Extracted signals for a vault entity.
| Action | Purpose | Needs |
|---|---|---|
| types | Enumerate canonical signal types | — |
| entities | Entities you can access | — |
| list | Signals for an entity, by type | entity optional, type optional |
| get | One signal by id | id (+ entity/type) |
Signal types: action_item, commitment, decision, key_point, risk,
summary.
Notes
entitydefaults to the active company. Pass it explicitly for a multi-company user, and respect cross-company isolation.json: true(meetings) /json: true(sources/signals) returns raw JSON for programmatic use; omit for human-readable tables.
When to use this instead of host-side calls
Only inside Cowork or another sandboxed plugin host. On a host-side session,
call hq meetings / hq sources / hq signals directly.
Why this skill exists
These commands authenticate with the user's Cognito session under ~/.hq
and read the cloud vault — neither is visible from Cowork's Linux VM. The
host-side MCP server runs the real commands and returns output to the
sandboxed agent.
Related Skills
indigoai-us/hq-cowork
tools
VerifiedTrustedCommunity
Discovery + dispatch entry point for native HQ inside Cowork (or any sandboxed Claude Code plugin host). Enumerates every HQ capability available through hq-pack-cowork's host-side MCP server (identity, sync, qmd/search, secrets, vault files, team & membership, packages & modules, meeting intelligence, feedback, schema-backed runs, guarded long-tail CLI) and routes to the right `mcp__hq__*` tool while preserving default HQ behavior through a different transport. Use when the agent needs HQ but `hq`/`qmd` aren't reachable from its bash sandbox and isn't sure which tool to call.
39SKILL.mdUpdated Jun 4, 2026
indigoai-us/hq-cowork-sync
tools
VerifiedTrustedCommunity
Run a full HQ sync (all cloud-backed companies, bidirectional) from a sandboxed Claude Code plugin host (Cowork) by calling the host-side `hq_sync` MCP tool. Same engine as AppBar HQ Sync and the `/hq-sync` skill, but routed through the hq-pack-cowork MCP server so it works even when the `hq` binary and `~/.hq` auth are not reachable from the agent's bash sandbox.
39SKILL.mdUpdated Jun 4, 2026
indigoai-us/hq-cowork-share
tools
VerifiedTrustedCommunity
Share an HQ vault path from a sandboxed Claude Code plugin host (Cowork) by calling the host-side `hq_share` MCP tool. Without `--with`, mints an encrypted single-use share-session URL (default 15-min expiry). With `--with`, grants direct ACL access to a person, group, or `@all`. Same capability as `/hq-share`, routed through hq-pack-cowork's MCP server so it works from a sandboxed agent.
39SKILL.mdUpdated Jun 4, 2026
indigoai-us/core/packages/hq-pack-cowork/skills/hq-cowork-secrets
tools
VerifiedTrustedCommunity
--- name: hq-cowork-secrets description: Use HQ secrets from a sandboxed Claude Code plugin host (Cowork). The host-side MCP server never returns a secret value itself: `mcp__hq__hq_secrets_exec` runs a command on the host with named secrets injected as env vars (only the command's output returns), and refuses to launch a shell or value-printing binary; `mcp__hq__hq_secrets_list` lists secret NAMES/metadata only. These tools run host commands with the user's privileges, so treat them as host-tru
39SKILL.mdUpdated Jun 4, 2026