Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Slack Standup

Automates Slack daily standups by prompting updates, compiling responses, and posting summaries on a set schedule.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 137 · 1 current installs · 1 all-time installs
by awei @allanwei
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name, description, SKILL.md, README, SETUP.md and scripts/standup.sh all consistently implement a Slack standup bot that posts prompts and summaries to a channel using a Slack Bot token and channel ID. The requested capabilities (collect, aggregate, post, schedule) match the included script and docs.
Instruction Scope
SKILL.md and SETUP.md explicitly instruct configuring SLACK_BOT_TOKEN and channel/time settings; the runtime script reads SLACK_BOT_TOKEN and SLACK_CHANNEL_ID and calls Slack's chat.postMessage API. The instructions do not attempt to read unrelated files or exfiltrate data to unknown endpoints; network calls are limited to https://slack.com/api/chat.postMessage. However, the skill's runtime instructions and script assume environment variables that are not declared in the registry metadata (see environment_proportionality).
Install Mechanism
No install spec is provided (instruction-only plus a small shell script). Nothing is downloaded from external URLs or written to unexpected locations; risk from the install mechanism is low.
Credentials
The skill requires SLACK_BOT_TOKEN and SLACK_CHANNEL_ID (used directly by scripts/standup.sh and documented in SETUP.md), but the registry metadata lists no required environment variables and no primary credential. This mismatch is a material inconsistency: the skill needs a sensitive token (xoxb- style) and a channel identifier but the registry doesn't declare them for the user or platform to enforce/ask for. No other unrelated secrets are requested.
Persistence & Privilege
always is false and model invocation is allowed (the platform default). The skill does not request any persistent agent-level privileges or modify other skills/config; no elevated persistence or cross-skill access is requested.
What to consider before installing
This skill's files implement a simple Slack bot that needs a Slack bot token (xoxb-*) and a channel ID, but the registry metadata does not declare those environment variables. Before installing:

  1. Confirm the publisher/trustworthiness (homepage is missing and owner ID is opaque).
  2. Only provide a bot token with minimal scopes (chat:write, chat:write.public, channels:read) and test in a sandbox workspace.
  3. Do not commit tokens to source or share them.
  4. Verify the skill will store tokens only in the intended agent config and not transmit them elsewhere.
  5. Ask the publisher to update the registry metadata to explicitly declare required env vars and primary credential so you can safely grant the token.

If you cannot verify the source or the metadata update, treat the mismatch as a red flag and avoid using real production credentials.

Like a lobster shell, security has layers — review code before you run it.

Current version: v1.0.1
latestvk973hymnh3pb4n46khd6haz85982phfg


SKILL.md

slack-standup SKILL.md

Skill Identity

  • Name: slack-standup
  • Version: 1.
  • License: MIT
  • Category: Productivity / Team Collaboration

Description

Automated daily standup bot for Slack. Collects updates at scheduled times, aggregates responses, posts summaries.

Business Value

  • Problem: Remote teams waste time scheduling standup meetings
  • Solution: Async standup via Slack bot
  • ROI: Saves 15-30 min/day per team member

Capabilities

  1. collect_standup - Prompt team for daily updates
  2. aggregate_responses - Compile into formatted summary
  3. post_summary - Post to designated channel
  4. schedule_reminder - Set recurring daily prompts

Tools Required

  • Slack Bot API (xoxb-* token)
  • Cron scheduling
  • Text formatting (Slack MRKDWN)

Installation

  1. clawhub install slack-standup
  2. Configure Slack bot token
  3. Set standup time (9:00 AM default)
  4. Test: /standup test

Pricing

  • One-time: $25
  • Subscription: $5/month
  • Team: $50 (up to 10 members)

Files

4 total