Skill v0.1.0

ClawScan security

Slacrawl · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 28, 2026, 5:54 PM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's declared purpose (pull Slack data into a local SQLite DB) matches its runtime instructions, but there are metadata and install inconsistencies and a sensitive optional token-extraction mode (browser cookies) that you should review before installing.
Guidance
This skill appears to do what it says (mirror Slack into a local SQLite DB) but check a few things before installing:
1) Verify the slacrawl binary comes from the official GitHub repo and matches your OS/arch (the SKILL.md lists a darwin_arm64 asset but the skill also claims Linux support).
2) Prefer the Slack app OAuth token mode (xoxp…) and avoid the 'cookie token' extraction unless you understand how to extract cookies safely — extracting browser cookies can expose other sessions/credentials.
3) Inspect the upstream project's source or release checksums to ensure the binary doesn't exfiltrate tokens (the skill claims 'local-first' but you should confirm).
4) Confirm where config (~/.slacrawl/config.toml) and database (~/.slacrawl/slacrawl.db) will be stored and that you are comfortable with that data residing on disk.
If you need higher assurance, review the slacrawl source code or build the binary from source rather than installing a prebuilt release.

Review Dimensions

Purpose & Capability
note: The skill claims to mirror Slack workspace data into a local SQLite DB, and the instructions and required binary (slacrawl) are consistent with that purpose. Requesting a Slack token (app OAuth token) is proportionate. The optional 'cookie token' mode (xoxc + d cookie) is a more sensitive way to obtain access and increases risk.
Instruction Scope
note: SKILL.md instructs the agent to create and edit a local config (~/.slacrawl/config.toml) and to store data at ~/.slacrawl/slacrawl.db — these are expected for the stated function. However, the instructions mention extracting browser cookies for the cookie-token mode (implicitly requiring access to browser session data), which is outside the typical scope of a simple sync tool and raises privacy/sensitivity concerns if followed.
Install Mechanism
concern: The SKILL.md includes metadata pointing to a GitHub-release install (acceptable source), but registry metadata reported 'No install spec'. The install entry in SKILL.md targets an asset pattern for darwin_arm64 only, while the skill advertises support for both darwin and linux — this mismatch should be resolved. Verify the release source/asset and checksum before installing binaries from the internet.
Credentials
note: No environment variables are required (registry shows none), which is reasonable because tokens are stored in a local config file. However, the skill requires user credentials (Slack OAuth token) and optionally suggests extracting cookie-based tokens, which would require access to browser cookies/local session secrets — that is sensitive and not justified for ordinary use unless you understand the consequences.
Persistence & Privilege
ok: The skill does not request elevated platform privileges and 'always' is false. It stores config and DB under the user's home directory (~/.slacrawl), which is expected for this tool and is a reasonable scope of persistence.