Skill v0.2.0
ClawScan security
Slack Thread Export · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 13, 2026, 5:41 PM
- Verdict: Benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code and instructions are consistent with its stated purpose (exporting Slack threads from a logged-in browser tab); it requires access to the browser page/session state (localStorage and in-page fetch), which is sensitive but expected for this use case.
- Guidance: This skill legitimately needs to run inside a logged-in Slack browser tab and reads the Slack web client's localStorage to get the in-page token before issuing in-page fetch calls — that is how it works, but it also means the skill can access sensitive session state. Before installing or running: (1) review the provided Python scripts and SKILL.md (you already have them) to confirm no unexpected network calls or hidden exfiltration; (2) only attach a browser tab you trust and avoid attaching tabs containing unrelated accounts or highly sensitive sessions; (3) prefer small, narrow exports (channel/date whitelist and --preflight) to reduce the risk of accidental broad data export; (4) ensure the 'openclaw' binary used by the scripts is trusted on your system; (5) if you have low tolerance for exposing in-page tokens to third-party code, do not use this skill — instead use an admin API or a vetted tool that uses scoped tokens. The behavior is coherent with the stated purpose, but reading page-local tokens is sensitive, so proceed only if you trust the skill and environment.
Review Dimensions
- Purpose & Capability (ok): Name/description match what the files do: the skill attaches to an already logged-in Slack web tab via Browser Relay, reads browser-local state (localConfig_v2), and performs in-page fetch('/api/search.messages') calls to page through search results and write JSONL/CSV. The included Python scripts orchestrate the page evaluations and local file output — all coherent with exporting thread messages from a logged-in browser session.
- Instruction Scope (note): SKILL.md explicitly instructs the agent to read localStorage.localConfig_v2 and to run fetch('/api/search.messages') inside the page context so requests inherit session cookies and tokens. This is necessary for the stated approach (browser-context export) but is sensitive: the skill has access to the Slack web client's in-page token and could read any page-local data. The included code uses page-evaluate calls only and writes output locally; it does not itself transmit data to external endpoints.
- Install Mechanism (ok): No install spec; this is instructions plus local Python scripts. No downloads or external install URLs are used. The scripts call a local 'openclaw' CLI via subprocess to evaluate JS in the attached browser — reasonable for the documented browser-relay workflow.
- Credentials (ok): The skill requests no environment variables, no external credentials, and no config paths. It relies on an attached logged-in browser tab (via Browser Relay) and on the web client state for authentication; those requirements align with the stated approach. There are no unrelated credentials or network endpoints requested by the code.
- Persistence & Privilege (ok): The skill is not marked always:true and does not attempt to modify other skills or system-wide configuration. It runs as a local script and writes CSV/JSONL output files; its privileges are limited to the running agent and the attached browser session.
