v1.0.0

testat1

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 5:23 AM.

Analysis

This is a coherent Slack-control skill, but it can read and change Slack messages using Clawdbot's bot token and its embedded identity does not match the registry listing.

Guidance: Install only if you intentionally want Clawdbot to manage Slack. Before installing, verify the publisher/metadata mismatch, review the Slack bot token scopes, restrict the bot to necessary channels, and require human confirmation for sending, editing, deleting, pinning, or unpinning messages.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium; Confidence: High; Status: Concern
SKILL.md
| messages | enabled | Read/send/edit/delete |

The skill enables Slack message mutation, including deletion. These are high-impact actions, and the artifact does not define approval requirements or channel/workspace boundaries.

User impact: If invoked incorrectly or autonomously, the agent could send, edit, or delete Slack messages anywhere the bot has access.
Recommendation: Require explicit user confirmation for send, edit, delete, pin, and unpin actions, and restrict use to intended workspaces, channels, and messages.

Agentic Supply Chain Vulnerabilities
Severity: Low; Confidence: High; Status: Concern
_meta.json
"ownerId": "kn70pywhg0fyz996kpa8xj89s57yhv26", "slug": "slack"

The embedded metadata conflicts with the supplied registry listing, which identifies the evaluated skill as slug testat1 owned by kn77ncj465rvq2n8f53jat26ch80jen8. This creates a package identity/provenance mismatch.

User impact: A user may not be able to tell whether the installed artifact really comes from the registry identity they intended to trust.
Recommendation: Verify the publisher and package identity before installation, and republish with consistent registry and embedded metadata.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium; Confidence: High; Status: Concern
SKILL.md
The tool uses the bot token configured for Clawdbot.

The skill relies on delegated Slack account authority. The artifacts do not describe the token's scopes, workspace limits, or which channels/DMs it may access.

User impact: The agent's Slack actions will be limited by the bot token, but those permissions could include sensitive channels or message-management powers.
Recommendation: Review the Clawdbot Slack token scopes before installing, use least-privilege Slack permissions, and avoid granting access to sensitive channels unless needed.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Low; Confidence: High; Status: Note
SKILL.md
"action": "readMessages", "channelId": "C123", "limit": 20

The skill can retrieve recent Slack channel or DM messages through the Slack tool. This is purpose-aligned, but Slack messages may contain sensitive business or personal information.

User impact: Slack message contents and member information can be brought into the agent context when the bot has access.
Recommendation: Use the skill only in approved Slack workspaces and channels, and avoid reading sensitive DMs or restricted channels unless explicitly intended.