Slack (Socket Mode)
Advisory. Audited by static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could change or remove Slack content, post messages, or alter pins if it decides to invoke these actions with the configured bot permissions.
The skill exposes broad Slack control, including message deletion, editing, posting, file download, and pin management. These are purpose-related but high-impact actions, and the artifact does not define confirmation requirements or clear limits.
Use the `message` tool with these actions to control Slack: **send, react, reactions, read, edit, delete, download-file, pin, unpin, list-pins, member-info, emoji-list**.
Only install with a Slack bot that has the minimum scopes and channel access needed, and require explicit user confirmation before send, edit, delete, pin, unpin, or file-download actions.

The skill can act with whatever Slack permissions the configured bot token has.
Slack account authority is delegated through the OpenClaw bot token. This is expected for a Slack integration, but the artifact does not enumerate exact Slack scopes or channel boundaries.
The tool uses the bot token configured for OpenClaw.
Review the Slack bot token scopes and restrict the bot to only the channels and actions needed.

The agent may retrieve member profile details such as names, emails, time zones, and status information.
The member-info action can retrieve personal Slack profile data. This is a normal Slack integration capability, but it is sensitive workspace information.
Returns: real_name, display_name, email, avatar URLs, timezone, profile status, etc.
Use member lookups only when necessary and ensure Slack workspace users understand what profile data the bot can access.

Slack channels could be repeatedly read if the agent is asked to monitor them over time.
The artifact suggests repeated channel reads. There is no code or persistence mechanism, so this is not hidden background behavior, but it could become open-ended monitoring if a user or agent applies it broadly.
Monitor channel activity with periodic `read` calls.
Set clear time limits, channel limits, and purpose limits before asking the agent to monitor Slack activity.
