ClawHub

Daxiang Slack

Security checks across malware telemetry and agentic risk

Overview

This Slack automation skill is coherent, but it gives an agent broad access to an authenticated Slack session and encourages saving messages, screenshots, and raw snapshots without enough privacy guardrails.

Install only if you are comfortable letting an agent operate an authenticated Slack browser session. Use it for explicit, narrow Slack tasks; avoid broad workspace sweeps; review before sending messages; do not capture DMs or private content unless necessary and authorized; redact generated screenshots, JSON, and reports before sharing; and delete local Slack artifacts when the task is done.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Vague Triggers

High
Confidence
95% confidence
Finding
The skill description uses broad, catch-all activation language such as handling 'any Slack task' and generic triggers like 'check my Slack' or 'extract from Slack.' This increases the chance the skill is invoked for sensitive actions without sufficient scoping, confirmation, or least-privilege boundaries, especially in a workspace that may contain confidential business communications.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill explicitly supports reading messages, extracting data, searching conversations, and taking screenshots of Slack content, but it provides no privacy warning or consent guidance. Because Slack commonly contains private messages, customer data, credentials, and internal strategy, omission of such safeguards makes accidental over-collection and exposure more likely.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The examples instruct saving Slack snapshots and screenshots to local files such as JSON, PNG, and text outputs without any warning that these artifacts may contain sensitive conversation content, names, channel metadata, or attachments. Persisting such data to disk creates secondary exposure risk through local retention, later reuse, or leakage beyond the immediate task.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
These instructions explicitly direct the agent to capture Slack screenshots and export workspace/channel data to local files without any guardrails about consent, data minimization, retention, or safe storage. Because Slack commonly contains confidential business communications, this creates a real risk of unnecessary collection and persistence of sensitive data on the operator’s machine.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
Saving search snapshots and results to local files can preserve sensitive message content, participants, channels, and metadata beyond the immediate task, increasing exposure if the files are later accessed, synced, or mishandled. The absence of warnings or restrictions is especially risky in a Slack automation skill whose normal operation involves searching across potentially private conversations.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
This section provides operational guidance for monitoring channels, extracting user/message details, reviewing reactions, and inspecting pinned content, all without any authorization, privacy, or purpose-limitation checks. In context, the skill is designed to automate Slack access, so these instructions materially enable broad surveillance and collection of interpersonal and organizational data from a communication platform that often contains sensitive internal information.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The template explicitly instructs analysts to paste raw Slack snapshot output and JSON snapshots, and elsewhere includes DM previews, message snippets, user activity, and screenshots. In the context of a Slack automation skill, this strongly encourages collection and persistence of potentially sensitive workplace communications and personal data without any minimization, consent, redaction, or privacy warning, increasing the chance of over-collection and secondary exposure.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal