testat1

Security checks across malware telemetry and agentic risk

Overview

This Slack skill is not malicious, but it gives an agent broad Slack read and message-changing powers without clear privacy, scope, or confirmation guidance.

Review before installing. Use it only with a least-privilege Slack bot token, restrict Clawdbot to intended channels where possible, and require explicit confirmation before sending, editing, deleting, pinning, unpinning, or reading sensitive Slack messages or member details.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The documentation states the tool uses the bot token configured for Clawdbot and includes actions to readMessages and fetch memberInfo, but does not warn that these operations may expose private channel, DM, or user data available to the bot. This omission can lead an agent or operator to overuse the capability without considering privacy boundaries, least privilege, or user consent.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The documentation states the tool uses the bot token configured for Clawdbot and includes actions to readMessages and fetch memberInfo, but does not warn that these operations may expose private channel, DM, or user data available to the bot. This omission can lead an agent or operator to overuse the capability without considering privacy boundaries, least privilege, or user consent.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal