Slack Block Kit Bridge
Security checks across malware telemetry and agentic risk
Overview
The plugin's behaviour matches its stated Slack-card purpose, but its documented setup asks users to grant broad no-prompt OpenClaw CLI execution, and it can post broadly to Slack unless channel limits are explicitly configured.
Install only if you are comfortable letting an agent send and update Slack messages. Before enabling live delivery, set allowChannels to specific channel IDs, protect the Slack bot token, avoid broad no-prompt CLI execution if possible, and do not place secrets in card text or metadata.
VirusTotal
VirusTotal engine telemetry is currently stale for this artifact.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If an agent is misdirected, it may be able to invoke other OpenClaw CLI capabilities without an additional approval prompt.
The documented setup grants no-prompt execution of the whole OpenClaw CLI binary, not just this plugin's Slack gateway calls.
"security": "allowlist",
"ask": "off",
"allowlist": [
  { "host": "gateway", "bin": "/usr/local/bin/openclaw" }
]
Prefer the native gateway_call tool when available, keep approvals on, or restrict execution to the narrow command and arguments needed for this plugin.
A misconfigured install could let the agent post Slack messages more broadly than the user intended, especially with chat:write.public enabled.
Channel restrictions are enforced only when allowChannels is non-empty; otherwise the configured Slack bot token can post or update wherever Slack permits.
if (config.allowChannels.length > 0 && !config.allowChannels.includes(channel)) {
  throw new Error(`channel not allowed by slack-blockkit-bridge config: ${channel}`);
}
Configure allowChannels to a small list of approved Slack channel IDs and use the least-privileged Slack bot token scopes that still meet your needs.
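The guard above allows everything when allowChannels is empty. As an added example, not code from the plugin, the snippet below reproduces that permissive semantics next to a fail-closed variant and a small config review helper; the strict variant, the reviewConfig helper, the channel-ID pattern and the sample channel IDs are assumptions for this example.

```javascript
// Added example (not the plugin's own code): the allowChannels guard from the
// finding above, beside a hardened variant that fails closed when the list is empty.

// Mirrors the plugin's check: an empty allowChannels list disables the restriction.
function isChannelAllowedPermissive(config, channel) {
  const allow = Array.isArray(config.allowChannels) ? config.allowChannels : [];
  return allow.length === 0 || allow.includes(channel);
}

// Hardened variant (an assumption for this example, not plugin behaviour):
// an empty or missing allowChannels list blocks every post, so a forgotten
// setting cannot silently become "post anywhere the bot token permits".
function isChannelAllowedStrict(config, channel) {
  const allow = Array.isArray(config.allowChannels) ? config.allowChannels : [];
  if (allow.length === 0) return false;
  return allow.includes(channel);
}

// Config review helper (assumed shape): returns findings for a plugin config
// before live delivery is enabled. The ID pattern is an approximation of
// Slack's C…/G…/D… identifiers, not an official validator.
function reviewConfig(config) {
  const findings = [];
  const allow = Array.isArray(config.allowChannels) ? config.allowChannels : [];
  const scopes = Array.isArray(config.scopes) ? config.scopes : [];
  if (allow.length === 0) {
    findings.push("allowChannels is empty: the bot may post to any channel its token permits");
  }
  if (allow.some((c) => !/^[CGD][A-Z0-9]+$/.test(c))) {
    findings.push("allowChannels contains an entry that is not a Slack channel ID");
  }
  if (scopes.includes("chat:write.public") && allow.length === 0) {
    findings.push("chat:write.public with no channel allowlist extends posting to public channels the bot has not joined");
  }
  return findings;
}

// Constructed sample configs (placeholder channel IDs, not real workspace values).
const looseConfig = { allowChannels: [], scopes: ["chat:write", "chat:write.public"] };
const tightConfig = { allowChannels: ["C0000000001"], scopes: ["chat:write"] };

function demo() {
  return {
    loosePermissive: isChannelAllowedPermissive(looseConfig, "C0000000099"), // true
    looseStrict: isChannelAllowedStrict(looseConfig, "C0000000099"),         // false
    tightOther: isChannelAllowedPermissive(tightConfig, "C0000000099"),      // false
    looseFindings: reviewConfig(looseConfig).length,                         // 2
  };
}
```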
Slack card text, metadata, session keys, and interaction state may remain on disk after use.
The plugin writes card records and interaction state to a local JSON store for later updates and duplicate-click tracking.
async upsertCard(record) {
  ...
  await this.writeAll(all);
}
...
await fs.writeFile(this.filePath, JSON.stringify(records, null, 2), "utf8");
Avoid putting secrets in card metadata or text, choose a protected storePath if needed, and periodically clean up old card records.
