Slack Thread Export

Security checks across malware telemetry and agentic risk

Overview

This skill is upfront about exporting Slack data, but it uses a logged-in browser session and Slack web token to bulk save workplace messages, so users should review it carefully before installing.

Install only if you are authorized to export the selected Slack workspace data. Keep runs limited to specific users, channels, and dates; avoid untrusted channel files; store CSV/JSONL outputs securely; delete exports when no longer needed; and be careful opening CSV files in spreadsheet software.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (9)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill clearly requires file I/O, network access, and shell execution, but it does not declare permissions or boundaries for those capabilities. That mismatch reduces user visibility and platform control, making it easier for a high-impact data export workflow to run without explicit consent or sandboxing expectations.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The skill is built to collect Slack conversations and save both raw and cleaned datasets, but it lacks a prominent privacy warning about potentially sensitive employee communications, retention risk, and scope of collection. Users may unintentionally export private or regulated content from a logged-in session without understanding the data-handling consequences.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The notes provide operational guidance for exporting Slack thread data and persisting it to CSV/JSONL, including retry and resume workflows, but do not include an explicit privacy, authorization, or data-handling warning near the export instructions. Because Slack thread exports can contain sensitive workplace communications and personal data, documentation that normalizes collection and retention without clear safeguards increases the risk of misuse, over-collection, and improper storage.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script exports Slack thread contents, usernames, permalinks, and channel metadata to JSONL/CSV files with no built-in consent prompt, redaction, or sensitivity warning. In the context of a Slack-export skill, this materially increases the risk of silent bulk exfiltration of confidential workplace communications to local files that may then be reused or shared.

Missing User Warnings

High
Confidence
99% confidence
Finding
The embedded JavaScript reads a Slack token from localStorage in the logged-in browser context and immediately uses it to query Slack search APIs. Accessing an authenticated token from a user's browser session without explicit disclosure or constrained scoping is dangerous because it enables programmatic harvesting of message data under the user's authority.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
This code silently invokes a browser-automation tool against an attached Chrome profile and executes custom JavaScript in that authenticated context. In this skill's context, that is especially sensitive because the browser likely has live Slack credentials, so hidden evaluation can access and extract privileged workspace data.

Ssd 3

High
Confidence
97% confidence
Finding
The skill is explicitly designed to export Slack data from an authenticated browser session by leveraging session-derived credentials rather than a formal API authorization flow. Using a logged-in tab and session context to extract organization messages creates substantial risk of unauthorized bulk data access, insider misuse, and violation of Slack or enterprise access controls.

Ssd 3

High
Confidence
99% confidence
Finding
These instructions direct the agent to read localStorage, obtain the Slack web client's xoxc token, and call internal endpoints in page context to export results to files. Accessing browser-stored credentials and repurposing them for data extraction is highly sensitive because it bypasses normal user-facing consent and turns an interactive session into a bulk-export channel.

Ssd 3

High
Confidence
98% confidence
Finding
The core design centers on attaching to a live authenticated Slack tab and using in-page session context to retrieve exportable message rows. In context, this makes the skill more dangerous, not less, because it operationalizes authenticated browser-session hijacking techniques for bulk conversation extraction from real workspaces.

VirusTotal

64/64 vendors flagged this skill as clean.
