Slack
PassAudited by ClawScan on May 7, 2026.
Overview
This appears to be a legitimate Slack integration, but it requires trusting Maton with Slack OAuth/API access and can read or change Slack content when used.
Before installing, make sure you trust Maton as a Slack API gateway, connect only the Slack workspace/account you intend to use, and require explicit confirmation before any message posting, channel management, or delete operation.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used incorrectly, the agent could post to the wrong Slack channel or make unintended workspace changes.
The skill can perform meaningful Slack workspace actions, including message posting and channel management. This is expected for the stated purpose, but users should notice the operational impact.
Send messages, manage channels, list users, and automate Slack workflows.
Keep the documented approval step for all write operations, and verify the Slack connection, channel, and action before allowing sends, updates, or deletes.
The connected Slack permissions determine what the agent can read or change in the workspace.
The skill depends on Maton-managed Slack OAuth credentials. This is purpose-aligned, but it grants delegated access to the connected Slack account.
Maton proxies requests to `slack.com` and automatically injects your OAuth token.
Use the least-privileged Slack connection suitable for the task, specify the intended connection when multiple accounts exist, and revoke unused connections.
Installing the CLI adds software from an external package source to the user's environment.
The instruction-only skill asks users to install an external CLI package that was not included in the scanned artifact set. This is a normal setup path for a CLI integration, but its code is outside this review.
npm install -g @maton-ai/cli brew install maton-ai/cli/maton
Install the Maton CLI only from the documented official package sources and keep it updated.
Slack message contents, channel identifiers, and API responses may pass through Maton's API service during use.
Slack API requests are routed through Maton's gateway rather than directly to Slack. This provider-mediated flow is disclosed and expected, but it affects where Slack request data travels.
https://api.maton.ai/slack/{method}Use this skill only if sending Slack data through Maton's managed API gateway is acceptable for the workspace's privacy and compliance requirements.