Slackbot

Security checks across malware telemetry and agentic risk

Overview

This Slack integration is coherent, but it gives an agent broad access to workspace messages, files, users, and public file sharing with weaker warnings than that access deserves.

Review the Slack OAuth scopes and connect only workspaces where agent access to messages, files, user profiles, and search results is acceptable. Require explicit user approval before broad searches, history/file retrieval, message posting, deletion, or public file sharing, and revoke public links and OAuth access when no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill advertises broad access to workspace messages, files, users, and search capabilities, but it does not clearly warn users that connecting the integration may expose sensitive internal communications and documents to the agent. In a Slack integration, this omission matters because users may assume ordinary bot-style scope rather than organization-wide discovery and search across potentially confidential content.

Missing User Warnings

High
Confidence
97% confidence
Finding
The documented tool to enable public sharing of a file can create externally accessible URLs, but the skill does not explicitly warn that this may expose Slack-hosted files outside the workspace boundary. This is dangerous because users may treat it as a routine file operation and unintentionally disclose sensitive documents to anyone with the public link.

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
## Security & Permissions

- **Read** operations (listing channels, messages, users, files, searching) are safe and require no confirmation.
- **Write** operations (sending messages, creating channels, scheduling, managing reactions) modify data and require confirmation.
- **Destructive** operations (deleting messages, files, canvases, scheduled messages) are high-impact and irreversible.
Confidence
89% confidence
Finding
no confirmation

VirusTotal

64/64 vendors flagged this skill as clean.
