Slacrawl
ReviewAudited by ClawScan on May 17, 2026.
Overview
Slacrawl appears purpose-built for searching Slack archives, but it installs an external CLI and may access private Slack messages, DMs, and Slack tokens when syncing.
Before installing, confirm you trust the slacrawl Go module and consider pinning/reviewing its source. Use the skill with narrow Slack workspaces, channels, date ranges, and search limits. Do not provide Slack tokens unless needed, and if you do, use minimal scopes and approve syncs intentionally.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The behavior you get depends on the currently published Go module version, not just the reviewed SKILL.md instructions.
The install uses a mutable @latest Go module for the executable, while the reviewed artifact set contains no implementation code for that binary.
module: github.com/openclaw/slacrawl/cmd/slacrawl@latest
Install only if you trust the slacrawl source, and prefer pinning or reviewing a specific module version before using it with private Slack data.
A Slack token could allow the tool to read Slack content according to that token’s scopes, potentially including private threads or DMs.
The skill may use Slack credentials for API sync and private thread/DM hydration, which is expected for this integration but grants access to account/workspace data.
API sync and full thread/DM hydration require Slack tokens; do not assume they exist.
Use the narrowest Slack token scopes possible, only for intended workspaces, and avoid providing tokens unless API sync or hydration is actually needed.
Private Slack messages may be surfaced to the agent and included in responses if queries are too broad.
The skill is designed to retrieve Slack archive content, including channel and DM slices, into the agent’s working context.
search local Slack archives, check freshness, inspect channel or DM slices
Ask for narrow searches, confirm the intended workspace/channel/date range, and avoid using it on Slack archives containing data the agent should not see.
Improper SQL use could reveal more archive data than intended, although the instructions tell the agent to keep SQL read-only.
The skill exposes a raw SQL query capability, but the documented use is limited to read-only counts and rankings over the Slack archive.
slacrawl sql "select count(*) from messages;" ... Use read-only SQL for exact counts/rankings.
Use SQL only for narrow, read-only analysis and avoid broad queries that dump message contents unless explicitly needed.