ClawHub

Slack

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Slack API integration that can make real workspace changes, but its broad Slack access is coherent with its stated purpose and documented approval guidance.

Install only if you trust Maton as an API gateway for Slack data. Use the least-privileged Slack connection available, specify the intended connection when multiple workspaces are connected, and require explicit confirmation before posting, deleting, archiving, inviting, kicking, uploading, or removing anything.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The skill metadata frames the integration as simple messaging and workflow automation, but the document exposes a much broader privileged surface including channel administration, message deletion, file operations, user lookup, invitations, kicks, and archival actions. This mismatch can mislead downstream agents or users into invoking higher-risk capabilities than expected, increasing the chance of unauthorized or destructive actions.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The document states that all write operations require explicit user approval, but the examples and API surface show no technical enforcement of that policy. If an agent or wrapper trusts this statement, it may perform destructive Slack actions under the false assumption that approval gates exist, enabling unauthorized posting, deletion, channel changes, or membership changes.

Tool Parameter Abuse

High
Category
Tool Misuse
Content
```

```bash
maton api -X DELETE /connections/{connection_id}
```

**Python:**
Confidence
93% confidence
Finding
DELETE /connections/{connection_id}

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal