slack-1
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
This instruction-only Slack skill is coherent, but it gives the agent broad Slack read/write/delete/pin abilities through Clawdbot's bot token without clear scope or confirmation limits.
Review carefully before installing. This skill does not show malicious code, but it can let Clawdbot act in Slack with the bot token's permissions. Use least-privilege Slack scopes, restrict accessible channels where possible, verify the publisher/package identity, and require explicit confirmation before any send, edit, delete, pin, or unpin action.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked incorrectly, the agent could post, edit, delete, pin, or unpin Slack content in channels or DMs, potentially affecting teammates or removing important context.
The skill explicitly enables broad Slack mutations, including deleting or editing messages and changing pins, without artifact-level confirmation or scoping guidance.
Use `slack` to react, manage pins, send/edit/delete messages, and fetch member info.
Install only where Clawdbot is allowed to modify Slack. Require explicit user confirmation for send, edit, delete, pin, and unpin actions, and restrict the bot to the minimum Slack scopes and channels needed.
The agent's Slack actions will run with whatever permissions the Clawdbot bot token has, which may be broader than the user expects.
Using a Slack bot token is expected for this integration, but it is delegated account authority and the supplied metadata does not define the token scope, workspace, channel limits, or primary credential.
The tool uses the bot token configured for Clawdbot.
Verify the Slack app scopes and workspace/channel access before enabling the skill, and use a least-privilege bot token.
It may be harder to verify that the installed artifact is from the expected publisher or package identity.
The internal metadata differs from the supplied registry metadata, which identifies owner `kn76wckp6yw4969cq6tkmxnh15812cjc` and slug `slack-1`; this creates provenance and identity ambiguity.
"ownerId": "kn70pywhg0fyz996kpa8xj89s57yhv26", "slug": "slack"
Confirm the publisher and package identity in ClawHub before granting this skill access to a Slack bot token.
The agent may read Slack channel or DM content that the bot token can access.
The skill can retrieve Slack message data through the Slack tool/provider. This is purpose-aligned, but Slack conversations and member information may be sensitive and the artifact does not describe data-handling boundaries.
{
  "action": "readMessages",
  "channelId": "C123",
  "limit": 20
}
Limit the bot token to appropriate channels and avoid using the skill for sensitive conversations unless the workspace data-handling expectations are clear.
