Slack Integration

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Slack API helper skill; it can access and change Slack workspace content, but the behavior matches its stated purpose.

Install only if you trust Maton and are comfortable granting the connected Slack permissions. Use the least-privileged Slack connection available, confirm the workspace/channel before any write, avoid sending secrets or raw logs, and revoke the OAuth/API access when no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The skill explicitly documents reading channel history, listing users, and looking up users by email, but it does not warn that these actions process potentially sensitive employee communications and directory data. In an agent setting, omission of privacy and authorization guidance can lead to over-collection or inappropriate access to workspace data.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
The skill provides multiple examples for posting messages, creating channels, and uploading or sharing files to Slack without warning that these actions transmit potentially sensitive local, user, CI/CD, incident, or system data to an external third-party service. In practice, an agent could disclose internal data to the wrong workspace, channel, or recipients if operators are not explicitly cautioned.

External Transmission

Severity: Medium
Category: Data Exfiltration
Content
# Then POST the file content to upload_url, then call files.completeUploadExternal

# Share a remote file link
curl -s -X POST https://slack.com/api/files.remote.add \
  -H "Authorization: Bearer $SLACK_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"external_id": "report-1", "external_url": "https://example.com/report.pdf", "title": "Monthly Report"}'
Confidence: 80%
Finding
curl -s -X POST https://slack.com/api/files.remote.add \ -H "Authorization: Bearer $SLACK_TOKEN" \ -H "Content-Type: application/json" \ -d '{"external_id": "report-1", "external_url": "https://

Context Leakage

Severity: High
Category: Data Exfiltration
Content
**Incident channel:** Create a private channel named `incident-YYYY-MM-DD-<slug>`, set the topic, invite responders, post the initial report with severity and affected services.

**Standup reminder:** Schedule a daily message at 9:30 AM to #team with a prompt template. Collect threaded replies.

**Error alert:** When Sentry fires a webhook, post the error title, count, and link to the relevant channel. Add a 🔴 reaction for critical, 🟡 for warning.
Confidence: 86%
Finding
Collect thread

VirusTotal

65/65 vendors flagged this skill as clean.
