testat1
Review
Audited by ClawScan on May 10, 2026.
Overview
This is a no-code Slack control skill, but it gives the agent broad Slack bot-token powers to read and change messages without clear approval or channel-scope limits.
Install only if you want the agent to operate Slack through Clawdbot. Before use, check the Slack bot's scopes and channel access, and require explicit confirmation for posting, editing, deleting, pinning, or unpinning messages.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked incorrectly, the agent could post, edit, or delete Slack messages in channels or DMs using the bot's permissions.
The Slack message action group is enabled and includes send, edit, and delete operations, but the artifact does not describe approval checks, channel restrictions, or safeguards for high-impact workspace mutations.
| messages | enabled | Read/send/edit/delete | ... { "action": "deleteMessage", "channelId": "C123", "messageId": "1712023032.1234" }
Require explicit user confirmation for send/edit/delete/pin/unpin actions, restrict allowed channels where possible, and make destructive actions auditable and reversible where Slack permits.
The agent's Slack access will be whatever the Clawdbot token allows, which may be broader than a user expects from the registry metadata.
The skill depends on a delegated Slack bot credential, while the supplied metadata lists no primary credential and does not bound the token's scopes, channels, or actions.
The tool uses the bot token configured for Clawdbot.
Disclose the required Slack credential and scopes, use least-privilege Slack permissions, and document which channels/DMs and actions the bot may access.
Slack messages and member details may become part of the agent's working context when the skill is used.
The skill can read Slack messages and member information through the Slack tool. This is purpose-aligned, but it exposes workspace data to the agent and the artifact does not define retention or sharing boundaries.
{ "action": "readMessages", "channelId": "C123", "limit": 20 } ... { "action": "memberInfo", "userId": "U123" }
Use the skill only in appropriate channels, avoid reading sensitive DMs or private channels unless necessary, and clarify how retrieved Slack data is handled.
Users may have less certainty that the published registry entry matches the intended Slack skill package.
The bundled metadata identifies slug "slack" and a different owner ID than the registry entry shown for "testat1", creating a provenance/identity mismatch. There is no code payload, so this is a review note rather than evidence of malicious behavior.
"ownerId": "kn70pywhg0fyz996kpa8xj89s57yhv26", "slug": "slack"
Verify the publisher and package identity before installing, especially because the skill controls Slack workspace actions.
