Back to skill
Skillv1.0.0
VirusTotal security
Slack Channel Context · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMar 27, 2026, 2:26 AM
- Hash
- f9eb098768d93656090ba6e5a290e359418820117833fba1bf9a3c26a718bce0
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: slack-channel-context Version: 1.0.0 The skill is designed to automatically load Slack channel-specific context from local Markdown files into an AI session. It is classified as suspicious because the implementation in `scripts/skill.py` and `scripts/load_context.py` lacks input sanitization on the `channel_id` and `channel_name` parameters, which are used to construct file paths. This creates a path traversal vulnerability that could allow an attacker to read arbitrary `.md` files on the host system if the agent is provided with a malicious channel identifier (e.g., `../../etc/shadow`). No evidence of intentional malice, data exfiltration, or unauthorized remote control was found.
- External report
- View on VirusTotal