Back to skill
Skillv0.2.0
VirusTotal security
Slack Thread Export · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 6:12 AM
- Hash
- 79f16e9ef5a922bc5fbee19340c6a26528655d05ac9411b8fe0b3d86e000547c
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: slack-thread-export Version: 0.2.0 The skill automates the extraction of Slack messages and internal 'xoxc' tokens from a logged-in browser session by executing JavaScript in the page context via 'openclaw browser evaluate' in scripts/export_slack_threads.py. While the stated goal in SKILL.md is data export for the user, the programmatic access to private communications and internal session tokens represents a high-risk capability. No evidence of external data exfiltration was found, but the mechanism of piggybacking on active browser sessions to query internal APIs is a technique often associated with session data theft.
- External report
- View on VirusTotal