Security audit

Slack Standup

Security checks across malware telemetry and agentic risk

Overview

This Slack standup skill is mostly purpose-aligned, but it includes an unsafe hardcoded Slack-like bot token in a script that would post into Slack.

Review before installing. Use only a newly created least-privilege Slack bot token, store it outside the skill files, restrict it to approved channels, and rotate any token that may have been copied into this package. Make sure team members know where their standup updates will be posted and who can read them.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The skill handles employee standup responses and posts aggregated summaries into Slack channels, but the description does not clearly warn users that team input will be collected, processed, and redistributed. This can create privacy and expectation gaps, especially if responses may contain sensitive project, personnel, or operational information and are posted to a broader audience than the responder expects.

Missing User Warnings

Medium

Confidence: 98% confidence
Finding: The script embeds a Slack bot token directly in source code and uses it to send messages to Slack. Hardcoded credentials are highly sensitive because anyone who can read the file, logs, backups, or repository history may reuse the token to impersonate the bot, access permitted Slack resources, or abuse the workspace integration.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal