v1.0.0

Slack Channel Context

Review

ClawScan verdict for this skill. Analyzed May 1, 2026, 8:26 AM.

Analysis

This skill largely matches its stated purpose, but it should be reviewed because its file-loading tool can potentially read Markdown files outside the intended Slack context folder.

Guidance: Before installing, make sure the maintainer adds path validation so only intended files in the Slack context directory can be read. If you use it, enable it only in the Slack channels you want, keep the context files free of secrets, and allow only trusted people to edit them.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Concern
scripts/skill.py
context_file = self.contexts_dir / f"{channel_id}.md"
if context_file.exists():
    content = self._read_file(context_file)

The tool builds a filesystem path directly from the channel_id argument and reads it if it exists. The artifact does not show validation, normalization, or a resolved-path check to ensure the file remains under the intended slack-channel-contexts directory.

User impact: A crafted tool invocation or unexpected channel metadata could cause the agent to load unintended local Markdown files into its session context.
Recommendation: Restrict channel IDs and names to Slack-safe patterns, reject absolute paths and '..' segments, and verify the resolved path stays inside the configured context directory before reading.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Low | Confidence: High | Status: Note
SKILL.md
4. **Context Injection**: Loads the found file into session context
5. **Caching**: Caches the loaded context for 1 hour

The skill intentionally loads persistent Markdown files into the agent's session context and caches them, so those files can influence later agent behavior.

User impact: If a context file contains stale, overly broad, or malicious instructions, the agent may treat them as relevant channel guidance.
Recommendation: Keep the context directory editable only by trusted users, avoid storing secrets in context files, and review channel context files periodically.