Back to skill
Skillv1.10.5
VirusTotal security
Agent Slack · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:58 AM
- Hash
- 2840f9b0c4c5e244bab83a081a6892bd7889280cfeaac7a2a3cdf630e68ddad6
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: agent-slack Version: 1.10.5 The bundle provides a Slack integration tool that features automated credential extraction from the Slack desktop application's local databases and the macOS Keychain (agent-slack auth extract). While documented as a convenience feature, the programmatic scraping of session tokens (xoxc) and cookies (xoxd) from another application's private storage is a high-risk behavior. The instructions in SKILL.md also direct the AI agent to maintain a persistent local memory file (MEMORY.md) and explicitly steer the agent away from standard authentication flows in favor of the extraction tool.
- External report
- View on VirusTotal