Slack OpenAPI Skill Review
Audited by ClawScan on May 1, 2026.
Overview
This is a coherent Slack API helper, but it can use Slack tokens to read messages, post messages or reactions, and optionally run a Socket Mode event capture.
Install only if you intend to let the agent operate Slack through your configured tokens. Prefer bot tokens, keep user-token and Socket Mode use explicit, confirm every Slack write before sending, and pin or locally use the reviewed OpenAPI schema.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If configured with broad Slack tokens, the agent may read Slack conversations or act in Slack according to those token scopes.
The skill relies on Slack bearer tokens that can access workspace data or act as a bot, user, or app-level Socket Mode identity. This is expected for the stated Slack integration, but it is sensitive authority.
Token types used in practice:
- `xoxb-...`: Bot User OAuth Token...
- `xoxp-...`: User OAuth Token...
- `xapp-...`: App-level token.
Use the least-privileged Slack token possible, prefer the bot token default, avoid binding user tokens by default, and revoke tokens that are no longer needed.
An approved or mistaken write could post a message or reaction into Slack under the configured token identity.
The skill exposes Slack write operations for posting messages and adding reactions. The behavior is purpose-aligned and the documentation calls for confirmation first, but Slack writes can affect shared or public workspace content.
## Write Examples (Confirm Intent First) ... `slack-openapi-cli post:/chat.postMessage ...` ... `slack-openapi-cli post:/reactions.add ...`
Require explicit user confirmation before any Slack write, including the target channel, thread, message text, and token identity.
If the remote schema changes, the CLI could expose different Slack operations than the reviewed local artifact.
The default setup links to a mutable raw GitHub URL on the `main` branch. This schema controls which Slack operations the generated CLI exposes, so an unpinned remote schema is a provenance risk even though it is not executable code.
`uxc link slack-openapi-cli https://slack.com/api --schema-url https://raw.githubusercontent.com/holon-run/uxc/main/skills/slack-openapi-skill/references/slack-web.openapi.json`
Use the packaged schema or pin the schema URL to a reviewed commit or release.
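A pre-install check covering the token-type and schema-provenance findings above, written as an added example for this review (it is not part of the skill or of ClawScan). It treats only a full commit SHA in a raw.githubusercontent.com URL as pinned, which is stricter than "commit or release" because tags can be moved; the token and helper names are assumptions.

```python
import re
from urllib.parse import urlparse

SHA_RE = re.compile(r"^[0-9a-f]{40}$")
TOKEN_PREFIXES = (("xoxb-", "bot"), ("xoxp-", "user"), ("xapp-", "app-level"))


def schema_url_pin_status(url: str) -> str:
    """Classify a raw GitHub schema URL as 'pinned', 'mutable' or 'unknown'.

    raw.githubusercontent.com paths look like /<owner>/<repo>/<ref>/<path>.
    Only a full commit SHA is immutable; branch names and tags can move.
    """
    parsed = urlparse(url)
    if parsed.scheme != "https" or parsed.netloc != "raw.githubusercontent.com":
        return "unknown"
    parts = parsed.path.strip("/").split("/")
    if len(parts) < 4:
        return "unknown"
    return "pinned" if SHA_RE.fullmatch(parts[2]) else "mutable"


def token_kind(token: str) -> str:
    """Map a Slack token to its type by prefix (the prefixes listed in the review)."""
    for prefix, kind in TOKEN_PREFIXES:
        if token.startswith(prefix):
            return kind
    return "unknown"


def check_link_config(schema_url: str, token: str, allow_user_token: bool = False) -> list:
    """Return a list of problems; an empty list means the configuration passes."""
    problems = []
    status = schema_url_pin_status(schema_url)
    if status != "pinned":
        problems.append(f"schema url is {status}: pin it to a reviewed commit")
    kind = token_kind(token)
    if kind == "user" and not allow_user_token:
        problems.append("user token bound by default: prefer a bot token")
    elif kind == "unknown":
        problems.append("unrecognised token prefix")
    return problems


if __name__ == "__main__":
    # Constructed input: the unpinned default URL from this review and a fake bot token.
    default_url = ("https://raw.githubusercontent.com/holon-run/uxc/main/"
                   "skills/slack-openapi-skill/references/slack-web.openapi.json")
    print(check_link_config(default_url, "xoxb-EXAMPLE-NOT-A-REAL-TOKEN"))
```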
Slack events and message contents may be captured to disk while the subscription is running.
The Socket Mode workflow ingests Slack events through a provider transport and writes event payloads to a local file. This is disclosed and purpose-aligned, but event payloads may contain sensitive Slack message data.
```bash
uxc subscribe start https://slack.com/api \
  --transport slack-socket-mode \
  --auth slack-app \
  --sink file:$HOME/.uxc/subscriptions/slack-socket-mode.ndjson
```
Only subscribe to needed Slack events, protect the sink file, delete or rotate captured data, and avoid using the workflow in workspaces where message capture is not approved.
A Slack event subscription could keep running and collecting events if the user forgets to stop it.
The subscribe workflow can create a background job. The documentation includes status and stop commands, so it is not hidden, but users should remember that it may continue ingesting events until stopped.
```bash
# Inspect job state
uxc subscribe list
uxc subscribe status sub_123
# Stop the background job
uxc subscribe stop sub_123
```
Track active subscriptions, stop them when finished, and use narrowly scoped app-level tokens.
