Slack Integration

Security checks across malware telemetry and agentic risk

Overview

This Slack skill does what it says, but users should treat the Slack bot token and real message/channel actions carefully.

Install only if you trust the publisher and are comfortable granting a Slack bot token. Use a least-privilege bot token, store it as a protected environment variable, and remember that tool calls can post real Slack messages and create real Slack channels.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 92%
Finding
The skill declares access to an environment variable and clearly depends on network communication with Slack, but it does not explicitly declare corresponding permissions. That mismatch weakens transparency and permission review, making it easier for a user to install a skill without fully understanding that it can read secrets and send data externally.

Vague Triggers

Low
Confidence: 90%
Finding
The skill description is generic enough to match a wide range of Slack-related user requests without clearly limiting when the skill should be invoked. In an agent environment, overly broad matching can cause unintended activation of message-sending or channel-management capabilities, increasing the chance of accidental actions in a real Slack workspace.

Vague Triggers

Medium
Confidence: 86%
Finding
The instruction 'Use this skill to send messages and manage Slack channels' is broad and non-specific, which can cause the agent to invoke the skill in loosely related contexts without clear user intent. In a Slack integration, that increases the chance of unintended messaging, channel enumeration, or channel creation actions against a live workspace.

Missing User Warnings

Medium
Confidence: 94%
Finding
The file instructs users to set a SLACK_BOT_TOKEN environment variable but provides no warning that this is a sensitive credential, no storage/rotation guidance, and no prohibition on exposing it in prompts, logs, or responses. Because this token can grant real access to Slack APIs, poor handling could lead to workspace data exposure or unauthorized actions in Slack.

VirusTotal

64/64 vendors flagged this skill as clean.
