ClawHub

Slack Extended

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Slack helper that performs user-directed uploads and Slack content management, with no hidden execution or unrelated data handling found.

Install only with a Slack bot token whose scopes match what you want this skill to do. Before use, verify the Slack channel, canvas, user, bookmark, and local file path carefully, especially because uploads send file contents to Slack and delete/remove commands change shared workspace content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
The script includes a permission-changing capability via `canvases.access.set`, allowing it to grant read/write access to channels or users. That exceeds the narrower create/edit expectation described in the skill metadata, increasing the risk of unintended privilege changes or data exposure if the tool is invoked by an agent without clear user awareness.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The documentation exposes a destructive delete operation for canvases without any warning, confirmation step, or recommendation to verify ownership/intent first. In an agent setting, this increases the chance of accidental or prompt-induced destructive actions that permanently remove collaborative content.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The file upload feature allows arbitrary local files to be sent to a Slack channel but does not warn about privacy, secrets exposure, or channel visibility. In an agent environment, this can lead to unintentional exfiltration of sensitive local data to external recipients.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The `delete` command performs irreversible deletion of a canvas immediately after parsing arguments, with no confirmation prompt, dry-run mode, or safety guard. In an agent-driven context, this raises the chance of accidental destructive actions from prompt misunderstanding, bad tool selection, or malformed IDs.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal