slack-1

Pass

Audited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill
Name: slack-1
Version: 1.0.0

The skill bundle provides standard Slack interaction capabilities, including message management, reactions, pins, and member information retrieval. All actions described in SKILL.md are aligned with the stated purpose of controlling Slack via a bot token. There is no evidence of prompt injection attempts against the AI agent, data exfiltration to unauthorized endpoints, malicious execution, persistence mechanisms, or obfuscation. The content is straightforward and appears to be a legitimate utility.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If invoked incorrectly, the agent could post, edit, delete, pin, or unpin Slack content in channels or DMs, potentially affecting teammates or removing important context.

Why it was flagged

The skill explicitly enables broad Slack mutations, including deleting or editing messages and changing pins, without artifact-level confirmation or scoping guidance.

Skill content

Use `slack` to react, manage pins, send/edit/delete messages, and fetch member info.

Recommendation

Install only where Clawdbot is allowed to modify Slack. Require explicit user confirmation for send, edit, delete, pin, and unpin actions, and restrict the bot to the minimum Slack scopes and channels needed.

What this means

The agent's Slack actions will run with whatever permissions the Clawdbot bot token has, which may be broader than the user expects.

Why it was flagged

Using a Slack bot token is expected for this integration, but it is delegated account authority and the supplied metadata does not define the token scope, workspace, channel limits, or primary credential.

Skill content

The tool uses the bot token configured for Clawdbot.

Recommendation

Verify the Slack app scopes and workspace/channel access before enabling the skill, and use a least-privilege bot token.

What this means

It may be harder to verify that the installed artifact is from the expected publisher or package identity.

Why it was flagged

The internal metadata differs from the supplied registry metadata, which identifies owner `kn76wckp6yw4969cq6tkmxnh15812cjc` and slug `slack-1`; this creates provenance and identity ambiguity.

Skill content

"ownerId": "kn70pywhg0fyz996kpa8xj89s57yhv26", "slug": "slack"

Recommendation

Confirm the publisher and package identity in ClawHub before granting this skill access to a Slack bot token.

What this means

The agent may read Slack channel or DM content that the bot token can access.

Why it was flagged

The skill can retrieve Slack message data through the Slack tool/provider. This is purpose-aligned, but Slack conversations and member information may be sensitive and the artifact does not describe data-handling boundaries.

Skill content

{
  "action": "readMessages",
  "channelId": "C123",
  "limit": 20
}

Recommendation

Limit the bot token to appropriate channels and avoid using the skill for sensitive conversations unless the workspace data-handling expectations are clear.