Slack Thread Reader

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate read-only Slack reader, but it can pull large private Slack histories using a locally stored bot token, and it keeps Slack user-ID-to-name mappings on disk.

Install only if you are comfortable letting the agent read Slack content available to the configured bot token. Use narrow channel links, `--limit`, and `--from`/`--to` ranges where possible, confirm whether threads should be included, and review the Slack bot scopes plus the local user cache at `~/.cache/slack-reader/users.json`.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium severity, 95% confidence
Finding
This skill is designed to retrieve and summarize Slack conversations, including participant names, message contents, thread activity, and attachment identifiers, but the description does not warn that using it may expose sensitive internal communications to the agent and downstream outputs. In this context, the omission is more dangerous because Slack history often contains confidential business, employee, incident, or credential-adjacent information, and the skill emphasizes broad retrieval and summarization across channels and threads.

Missing User Warnings

Medium severity, 78% confidence
Finding
The script caches Slack user-ID-to-real-name mappings on disk under ~/.cache/slack-reader/users.json without any permission hardening or user warning. On shared or weakly secured systems this retains workplace identity data longer than the run needs it, and can expose employee names or channel membership to other local users.
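The Overview asks the installer to review the local user cache, and the second finding is that the cache is written with no permission hardening. The block below is an added example of how to audit and fix that, not code from the Slack Thread Reader skill: `audit_cache` reports whether the cache file or its directory is readable by anyone other than the owner, and `write_cache_private` writes the mapping atomically into a 0700 directory as a 0600 file. Python, the path `~/.cache/slack-reader/users.json` from the finding, the 0600/0700 policy and the function names are all assumptions; the scan does not state the skill's language or its cache format beyond "JSON under that path".

```python
"""Audit and harden the on-disk Slack user cache (added example, not the skill's code).

Assumes the cache is a JSON object at ~/.cache/slack-reader/users.json and
that "private" means a 0600 file inside a 0700 directory owned by the caller.
"""
import json
import os
import stat
import tempfile
from pathlib import Path

DEFAULT_CACHE = Path.home() / ".cache" / "slack-reader" / "users.json"

# Permission bits that grant any access to group or world.
_OTHERS = stat.S_IRWXG | stat.S_IRWXO


def audit_cache(path: Path = DEFAULT_CACHE) -> dict:
    """Return modes, entry count and a list of problems for the cache at `path`.

    An empty 'problems' list means the cache is private to the current user.
    A missing cache is not a problem: there is nothing to leak.
    """
    problems: list[str] = []
    report = {"path": str(path), "exists": path.exists(), "problems": problems}
    if not path.exists():
        return report
    st = path.stat()
    file_mode = stat.S_IMODE(st.st_mode)
    dir_mode = stat.S_IMODE(path.parent.stat().st_mode)
    report["file_mode"] = oct(file_mode)
    report["dir_mode"] = oct(dir_mode)
    if file_mode & _OTHERS:
        problems.append(f"cache file is group/world accessible ({oct(file_mode)})")
    if dir_mode & _OTHERS:
        problems.append(f"cache directory is group/world accessible ({oct(dir_mode)})")
    if st.st_uid != os.getuid():
        problems.append("cache file is owned by another user")
    # The cache holds identity data; the entry count tells the operator the blast radius.
    try:
        report["entries"] = len(json.loads(path.read_text()))
    except (ValueError, OSError):
        problems.append("cache file is not valid JSON")
    return report


def write_cache_private(users: dict, path: Path = DEFAULT_CACHE) -> Path:
    """Write a user-ID -> name mapping so that only the owner can read it.

    The directory is forced to 0700, the file is created 0600 by mkstemp (so
    there is no window where a default-umask file exists), and os.replace
    makes the update atomic: readers see the old cache or the new one, never
    a partially written file.
    """
    path.parent.mkdir(parents=True, exist_ok=True)
    os.chmod(path.parent, 0o700)
    fd, tmp_name = tempfile.mkstemp(dir=path.parent, prefix=".users-", suffix=".tmp")
    try:
        os.fchmod(fd, 0o600)  # mkstemp already uses 0600; be explicit about the policy
        with os.fdopen(fd, "w") as fh:
            json.dump(users, fh)
        os.replace(tmp_name, path)
    finally:
        if os.path.exists(tmp_name):  # only true if the replace did not happen
            os.unlink(tmp_name)
    return path


if __name__ == "__main__":
    # Constructed sample mapping; the IDs and names are made up for the demo.
    demo_dir = Path(tempfile.mkdtemp()) / "slack-reader"
    cache = write_cache_private(
        {"U01AAAAAA": "Alice Example", "U01BBBBBB": "Bob Example"},
        demo_dir / "users.json",
    )
    print(audit_cache(cache))
```

Run `audit_cache()` with no arguments against the real path before deciding whether to keep the skill installed; anything in `problems` means the identity data is already visible to other local users and the file should be rewritten with `write_cache_private` or removed.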

VirusTotal

66/66 vendors flagged this skill as clean.
