Slack Thread Reader
Review
Audited by ClawScan on May 10, 2026.
Overview
This appears to be a real Slack reader, but it uses a local Slack bot token that is not declared in the registry and can fetch entire channel histories by default.
Review this skill before installing. It is read-only and appears aligned with Slack summarization, but you should confirm which Slack token it will use, what scopes that token has, and avoid running unbounded channel-history reads unless you intend to expose all accessible channel messages to the agent.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing or invoking the skill may use an existing Slack bot token from the user's local OpenClaw config to access Slack workspace data.
The skill reads a local Slack bot token from the user's OpenClaw configuration. This is purpose-aligned for Slack access, but the registry metadata declares no primary credential and no required config path, so the credential dependency is under-disclosed.
CONFIG_FILE = Path.home() / ".openclaw" / "openclaw.json" ... return json.load(f)["channels"]["slack"]["botToken"]
Declare the Slack credential and config path in metadata, document required Slack scopes, and make clear which workspace data the token can read.
A request to view or summarize a channel could bring a large amount of private Slack history into the agent context.
The documented default for channel history is to fetch all messages. For Slack channels, this can expose substantially more workspace conversation history than a user may have intended from a simple channel link.
`--limit N` | Number of channel history messages (0=all) | 0 (all)
Default to a small limit or recent date range, and ask for explicit confirmation before fetching all channel history or all thread replies.
Slack user identity mappings may remain on disk after the command finishes.
The script stores Slack user ID to real-name mappings locally for reuse. This is limited and purpose-aligned, but it is persistent local storage of workspace identity information.
USER_CACHE_FILE = Path.home() / ".cache" / "slack-reader" / "users.json" ... json.dump({"_ts": existing_ts or time.time(), "users": existing_users}, f, ensure_ascii=False)
Document the cache location and retention behavior, and provide a simple way to clear the cache.
Users have less provenance information and may encounter an undeclared runtime dependency.
The registry does not identify a source or homepage, and it does not declare python3 even though the shell entrypoint runs a Python script. No remote installer or suspicious dependency is shown, so this is a disclosure/provenance note rather than a direct malicious signal.
Source: unknown; Homepage: none; Required binaries (all must exist): none
Publish source/homepage information where possible and declare python3 as a required binary.
