v1.0.0

Slack Integration

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 1:52 PM.

Analysis

This Slack skill is purpose-aligned, but it gives an agent broad Slack read/write authority that can post, update, upload, and manage workspace content without clear approval boundaries.

Guidance: Review the Slack scopes carefully before installing. Prefer a restricted bot token, invite the bot only to needed channels, avoid user tokens, and require explicit confirmation before the agent posts, updates, schedules, uploads, or changes channel settings.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium. Confidence: High. Status: Concern.
SKILL.md
curl -s -X POST https://slack.com/api/chat.postMessage ... chat.update ... chat.scheduleMessage ... conversations.create ... conversations.setTopic ... files.remote.add

The skill provides raw Slack Web API commands that can publish, modify, schedule, create channels, change topics, and share files in a workspace. The artifact does not pair these high-impact write actions with explicit approval, channel scoping, or review guidance.

User impact: If invoked too broadly or on the wrong input, the agent could send or modify Slack messages, create channels, or share files in places visible to coworkers.
Recommendation: Use this only with explicit user confirmation for write actions, restrict it to approved channels/workspaces, and prefer dry-run summaries before posting, updating, scheduling, creating channels, or uploading files.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High. Confidence: High. Status: Concern.
SKILL.md
Works with bot tokens or user tokens. ... Bot Token Scopes: chat:write, channels:read, channels:history, files:write, reactions:write, users:read ... For user-level actions ... use a User OAuth Token (`xoxp-...`) instead.

The documented token scopes allow the agent to read Slack channels and users and perform workspace write actions; user tokens can also act with a user's delegated authority. This is sensitive, high-impact account access.

User impact: A token with these scopes could expose Slack channel history or user information and allow posts, reactions, and file-related actions as the bot or possibly as a user.
Recommendation: Use the least-privileged bot token possible, avoid user tokens unless strictly necessary, limit bot channel membership, rotate/revoke unused tokens, and verify that requested scopes match the intended workflows.