Slack Team Assistant

Security checks across malware telemetry and agentic risk

Overview

This Slack skill is disclosed and not malicious, but it bundles broad admin and audit-log access into a messaging-oriented assistant, so users should review the requested Slack permissions carefully.

Install only if you are comfortable connecting Slack through ClawLink and granting the resulting OAuth scopes. Review the Slack consent screen closely, avoid granting admin or audit-log scopes unless you specifically need them, and require explicit confirmation before any message, deletion, invitation, channel, user-group, emoji, file, canvas, or call-changing action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 92%
Finding
The skill manifest frames the capability as routine Slack messaging and coordination, but the documented tool surface extends into admin and enterprise-security functions. That mismatch can cause users or orchestrators to invoke a much broader privilege set than expected, increasing the risk of over-privileged installation and unintended access to sensitive workspace data.

Context-Inappropriate Capability

High
Confidence: 96%
Finding
Enterprise audit logs contain sensitive security and employee activity data that is materially different from normal messaging functionality. Including audit-log access in a communication-oriented skill creates unjustified access expansion and can enable surveillance, incident-data exposure, or misuse if the skill is selected for ordinary Slack tasks.

Context-Inappropriate Capability

Medium
Confidence: 90%
Finding
Workspace administration actions such as inviting users and managing user groups exceed the stated messaging-focused purpose and broaden the operational blast radius of the skill. This can lead to unauthorized provisioning, privilege changes, or governance bypass if users believe they are enabling only chat-related automation.

Intent-Code Divergence

Medium
Confidence: 84%
Finding
The documentation states that all write operations require explicit user confirmation, but other sections include direct callable examples and workflow guidance that may not reliably enforce that guarantee. Inconsistent safety rules are dangerous because agents may execute destructive or externally visible actions based on examples instead of a hard confirmation requirement.

VirusTotal

64/64 vendors flagged this skill as clean.
