Maverick Slack Mcp

Advisory

Audited by Static analysis on May 13, 2026.

Overview

Detected: suspicious.exposed_secret_literal

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Note
High Confidence
ASI01: Agent Goal Hijack
What this means

Slack's MCP server may provide usage instructions that affect tool selection and arguments during the session.

Why it was flagged

Remote MCP server instructions can influence how the agent uses tools. In context this is disclosed as tool-catalog guidance, but it should not supersede user intent or the skill's own safety rules.

Skill content
The output includes the server's `Instructions:` field, if published... Treat this as the authoritative reference for the rest of the session.
Recommendation

Treat server instructions as tool documentation only, and ignore any instruction that conflicts with the user's request, approval requirements, or safety policies.

What this means

If misused, the agent could post or update Slack content in the connected workspace.

Why it was flagged

The skill can perform visible Slack mutations, but the same section instructs the agent to confirm clear user intent and preview the exact message or canvas update before sending.

Skill content
Write-capable tools can post messages, draft or update messages, create or update canvases, and make other externally visible Slack changes in the connected workspace.
Recommendation

Only approve Slack writes when the channel, recipients, and exact message or canvas content are clear and intended.

What this means

Anyone who can access the relevant environment variables or local mcporter vault may be able to use the Slack integration's delegated access.

Why it was flagged

The script seeds mcporter's OAuth vault with Slack access and refresh tokens plus the client secret, giving the integration delegated access to the connected Slack workspace.

Skill content
tokens:     {access_token: env.mcp_access, refresh_token: env.mcp_refresh, token_type: "Bearer"}, ... {client_secret: env.mcp_client_secret}
Recommendation

Use appropriately scoped Slack app credentials, protect the local environment and mcporter vault, and revoke or rotate the OAuth grant if access is no longer needed.

What this means

The integration's behavior depends partly on the installed mcporter package, not only on the reviewed wrapper scripts.

Why it was flagged

The skill depends on installing the external mcporter Node package. This is expected for the MCP pass-through design, but users depend on that package's provenance and updates.

Skill content
"install": [{ "id": "node", "kind": "node", "package": "mcporter", "bins": ["mcporter"] }]
Recommendation

Install from a trusted registry and consider pinning or verifying the mcporter package version in environments with stricter supply-chain requirements.

Findings (1)

critical

suspicious.exposed_secret_literal

Location
scripts/init-mcporter.sh:91
Finding
File appears to expose a hardcoded API secret or token.