ClawHub

Slack Channel Context

Security checks across malware telemetry and agentic risk

Overview

This skill appears purpose-built for Slack channel context, but it can automatically load and cache private channel files into model context with unclear user control.

Install only if you are comfortable with Slack channel context files being read and added to AI sessions. Keep secrets, credentials, private personal data, and sensitive internal notes out of those files, and prefer explicit per-channel allowlists or manual review before context is loaded.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
84% confidence
Finding
The skill documentation describes capabilities to read environment variables, read files, and write files, but the skill declares no corresponding permissions. That mismatch weakens reviewability and least-privilege controls, making it easier for a skill to access sensitive workspace data or modify files without users understanding its effective reach.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The README promotes automatic loading of channel-specific context into AI sessions without warning that those markdown files may contain sensitive project details, private channel rules, internal names, or other confidential workspace data. Because the skill is specifically designed to inject per-channel files into model context automatically, users may unintentionally expose more information to the assistant than necessary, increasing data leakage and over-sharing risk.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The invocation guidance says to use this skill whenever the agent is in a Slack channel or thread and needs channel-specific context, which is broad enough to trigger in many ordinary conversations. In practice this can cause automatic loading of channel files into context when not strictly necessary, increasing the chance of oversharing project rules, internal notes, or other sensitive channel-scoped information.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The stated detection behavior—automatically loading whenever interacting in a Slack channel or thread—is ambiguous and overbroad, because nearly any Slack interaction may satisfy it. Combined with automatic context injection and caching, this can expose unrelated or stale channel data to subsequent tasks, creating confidentiality and context-integrity risks.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal