Security audit

Slack OpenAPI Skill

Security checks across malware telemetry and agentic risk

Overview

This Slack API helper is disclosed and purpose-aligned, but it should only be installed when you intend an agent to read or write Slack using configured tokens.

Install only if you want an agent to operate Slack with tokens you provide. Use least-privileged bot tokens by default, reserve user-token access for explicit cases, confirm channel/thread and content before writes, and stop Socket Mode subscriptions when finished.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The schema exposes write-capable Slack operations such as chat.postMessage and reactions.add, which can modify workspace content, but it does not embed any user-facing warning, confirmation requirement, or policy annotation indicating that these actions are state-changing. In an agent skill context, this increases the risk of unintended or socially engineered actions being executed against real Slack workspaces, especially when paired with bearer-token auth and otherwise broad messaging access.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal