Slack Thread Export
Result: Warn. Audited by ClawScan on May 18, 2026.
Overview
The skill is upfront about exporting Slack through your logged-in browser, but it needs review because it uses your Slack web session and has unsafe handling of generated browser code and CSV output.
Install only if you are comfortable letting the agent use your logged-in Slack tab to export messages. Keep exports scoped to specific channels, users, and dates; avoid untrusted channel files; and sanitize or carefully handle the resulting CSV/JSONL files before sharing or opening them in spreadsheets.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Finding 1: Export runs through your logged-in Slack web session
The agent can export Slack messages that your logged-in browser session is allowed to search in the selected workspace and channels.
The skill intentionally uses the logged-in Slack web session and web-client token to access Slack search results. This is disclosed and purpose-aligned, but it is high-impact account/session authority.
Evidence: Read `localStorage.localConfig_v2` from the Slack tab to get the active team metadata and xoxc token used by the web client.
Recommendation: Use only with a Slack account and workspace you are authorized to export from; keep the channel/date/user scope narrow and review the output before sharing it.
Finding 2: Unescaped input is interpolated into JavaScript run in the Slack tab
A malicious or malformed channel/date/user/team value could alter the JavaScript run in your logged-in Slack page, potentially exposing session-accessible Slack data.
User-supplied values from CLI arguments or channel files are interpolated directly into JavaScript source that is executed inside an authenticated Slack tab, with no visible escaping or validation.
Evidence: const channel = '__CHANNEL__'; ... fn = (JS_TEMPLATE .replace('__CHANNEL__', channel) ...); cmd = ['openclaw', 'browser', ... 'evaluate', '--target-id', target_id, '--fn', fn, '--json']
Recommendation: Validate channel, user, team, and date inputs against strict Slack-safe patterns, or serialize values into JavaScript with JSON escaping instead of raw string replacement. Do not run this with untrusted channel files.
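The recommendation above combines two controls: an allowlist check on each value and JSON serialization of the value into the JavaScript source. The following Python is an added illustration written for this page, not code from the skill or from ClawScan. JS_TEMPLATE, the placeholder names, and the identifier patterns are assumptions standing in for the skill's real template; the patterns should be adjusted to whatever channel, user and date shapes a given workspace actually uses.

```python
import json
import re

# Hypothetical template standing in for the skill's JS_TEMPLATE. Placeholders
# are replaced with JSON-serialized values, so they are NOT quoted here.
JS_TEMPLATE = """
const channel = __CHANNEL__;
const user = __USER__;
const after = __AFTER__;
return {channel, user, after};
"""

# Strict allowlists (assumed shapes: Slack channel IDs or lowercase channel
# names, Slack user IDs, ISO dates). Anything else is rejected outright.
PATTERNS = {
    '__CHANNEL__': re.compile(r'(?:[CG][A-Z0-9]{8,10}|[a-z0-9][a-z0-9._-]{0,79})'),
    '__USER__': re.compile(r'[UW][A-Z0-9]{8,10}'),
    '__AFTER__': re.compile(r'\d{4}-\d{2}-\d{2}'),
}


def validate_inputs(values):
    """Raise ValueError unless every value fully matches its allowlist pattern."""
    for placeholder, pattern in PATTERNS.items():
        value = values.get(placeholder, '')
        if not isinstance(value, str) or not pattern.fullmatch(value):
            raise ValueError(f'rejected {placeholder}: {value!r}')
    return values


def escape_for_js(value):
    """Serialize a Python string as a JavaScript string literal.

    json.dumps escapes quotes, backslashes and control characters and, with
    the default ensure_ascii=True, every non-ASCII character, so the JS
    engine can only ever read the result as one string value, never as code.
    """
    return json.dumps(str(value))


def render_js(values):
    """Build the function body that would be passed to `browser evaluate --fn`.

    Validation runs first. Substitution is a single regex pass over the
    template, so a value that happens to contain another placeholder name is
    never substituted a second time.
    """
    validate_inputs(values)
    return re.sub(r'__[A-Z]+__',
                  lambda m: escape_for_js(values[m.group(0)]),
                  JS_TEMPLATE)


if __name__ == '__main__':
    # Constructed sample inputs, not taken from the skill or a real workspace.
    good = {'__CHANNEL__': 'C0123456789', '__USER__': 'U0123456789', '__AFTER__': '2026-01-01'}
    print(render_js(good))
    bad = dict(good, __CHANNEL__="general'; x")
    try:
        render_js(bad)
    except ValueError as err:
        print('blocked:', err)
```

Either control alone closes the gap described in the finding; using both means a value that slips past a too-loose pattern is still delivered to the page as inert string data.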
Finding 3: Exported CSV cells are not protected against spreadsheet formula interpretation
If exported CSV files are opened in spreadsheet software, a Slack message beginning with a formula character could be interpreted as a spreadsheet formula.
Slack message text is untrusted multi-user content, and the code writes it directly to CSV without visible formula-prefix neutralization.
Evidence: text = (item.text || '').replace(/\s+/g, ' ').trim(); ... w.writerow({k: row.get(k, '') for k in FIELDS})
Recommendation: Neutralize CSV cells beginning with '=', '+', '-', '@', tab, or carriage return before writing, or warn users to open exports in a safe text/CSV viewer.
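One way to apply the neutralization the recommendation asks for, as an added Python example written for this page rather than code from the skill: every cell is checked for the listed leading characters and, if one is present, prefixed with a single quote before the row is written. The FIELDS list and the sample rows are constructed for the example and do not reflect the skill's real schema or any real Slack data.

```python
import csv
import io

# Assumed column set for the example; the skill's own FIELDS may differ.
FIELDS = ['ts', 'user', 'channel', 'text']

# Leading characters that common spreadsheet software treats as the start of
# a formula (the set named in the finding above).
FORMULA_PREFIXES = ('=', '+', '-', '@', '\t', '\r')


def neutralize_cell(value):
    """Prefix a formula-looking cell with a single quote so it is shown as text.

    The quote is visible in the spreadsheet; that is the accepted trade-off.
    It is applied to every field, so a message that is just '-1' also gets
    prefixed, which is harmless for free-text export.
    """
    s = '' if value is None else str(value)
    if s.startswith(FORMULA_PREFIXES):
        return "'" + s
    return s


def write_csv(rows):
    """Write message rows as CSV text with every cell neutralized first."""
    buf = io.StringIO()
    w = csv.DictWriter(buf, fieldnames=FIELDS, lineterminator='\n')
    w.writeheader()
    for row in rows:
        w.writerow({k: neutralize_cell(row.get(k, '')) for k in FIELDS})
    return buf.getvalue()


# Constructed sample messages; not real Slack content.
SAMPLE_ROWS = [
    {'ts': '1700000000.000100', 'user': 'U0123456789', 'channel': 'C0123456789', 'text': 'hello team'},
    {'ts': '1700000000.000200', 'user': 'U0123456789', 'channel': 'C0123456789', 'text': '=1+1'},
    {'ts': '1700000000.000300', 'user': 'U0123456789', 'channel': 'C0123456789', 'text': '@channel reminder'},
    {'ts': '1700000000.000400', 'user': 'U0123456789', 'channel': 'C0123456789', 'text': '\tindented'},
]

if __name__ == '__main__':
    print(write_csv(SAMPLE_ROWS), end='')
```

The check is deliberately done on the raw cell value rather than only on the text column: user and channel fields are also attacker-influenced strings in a multi-user workspace, and a single code path is easier to audit than per-column exceptions.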
Finding 4: Local archives of Slack content persist and can be reused out of context
The exported files may persist sensitive Slack conversations and could later be reused by people or agents outside the original context.
The skill deliberately creates reusable local archives of Slack message content, which may contain private data and untrusted text.
Evidence: Save both: raw JSONL for audit/debugging; cleaned CSV for the user's actual deliverable
Recommendation: Store exports in a protected location, delete them when no longer needed, and treat exported Slack content as untrusted input if it is later fed to another tool or agent.
