Slack Extended
Pass
Audited by ClawScan on Feb 22, 2026.
Overview
The skill's code, instructions, and config requirements line up with its stated purpose (uploading files and managing canvases and bookmarks in Slack) and only require the Slack bot token stored in ~/.openclaw/openclaw.json.
This skill appears to do what it says: it needs your Slack bot token (channels.slack.botToken) stored at ~/.openclaw/openclaw.json and will use it to call Slack APIs to upload files and manage canvases and bookmarks. Before installing:
1) Confirm the token has only the OAuth scopes you expect (files:write, canvases:write, bookmarks:read/write).
2) Inspect ~/.openclaw/openclaw.json and ensure it doesn't contain other secrets you don't want accessible to the skill package.
3) Remember that when uploading a file, the script posts the file bytes to a presigned upload URL returned by Slack (this is normal; those URLs may point to storage hosts like S3).
4) If you operate in a shared environment, treat the bot token as a sensitive credential because it grants write access to your workspace.
If any of these are unacceptable, do not install or run the scripts until you adjust tokens/scopes or review them against your security policy.
