ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Slack Backup

v1.0.0

Back up files uploaded to a Slack channel to the local doc/backup directory. Supports smart matching: multiple files, filename prefix/keyword filter, file ty...

0· 346·1 current·1 all-time
by@caigang78

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for caigang78/slack-backup.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Slack Backup" (caigang78/slack-backup) from ClawHub.
Skill page: https://clawhub.ai/caigang78/slack-backup
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install caigang78/slack-backup

ClawHub CLI

Package manager switcher

npx clawhub@latest install slack-backup
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The skill's purpose is to download files from Slack, which requires a Slack API token or similar credential, but the registry metadata and SKILL.md declare no required environment variables or primary credential. The bundled bash script also references a Python downloader and an args helper located in ../shared that are not included in the skill. These missing pieces are not proportionate to the stated purpose and suggest poor packaging or hidden dependencies.
!
Instruction Scope
SKILL.md instructs the agent to set env vars and run slack_backup.sh only via exec, and to verify SUCCESS output. It does not describe how the script authenticates to Slack (which env var or config to provide). The instructions implicitly rely on external files (../shared/slack_downloader.py and ../shared/slack_args.sh) that the agent will execute or source, but those files are not part of the skill — this extends the skill's runtime scope beyond the provided bundle.
!
Install Mechanism
There is no install spec (instruction-only), which is low risk by itself, but the included slack_backup.sh executes ../shared/slack_downloader.py and sources ../shared/slack_args.sh. Executing/sourcing code outside the skill bundle (in a parent/shared directory) is a supply-chain risk: the skill will run code not delivered in the package, and there is no provenance or URL given for those files.
!
Credentials
The skill expects to call the Slack API but declares no required credentials. The script uses environment variables for behavior (LIMIT, MINUTES, NAME_PREFIX, FILE_TYPE) which are fine, but there is no declaration for the Slack token (e.g., SLACK_BOT_TOKEN or SLACK_TOKEN) or how authentication is supplied. Requesting zero env vars while needing an API token is disproportionate and ambiguous.
!
Persistence & Privilege
The skill is not forced-always and is user-invocable (normal). However, it sources an external script (../shared/slack_args.sh) and runs a Python downloader from ../shared — both actions execute code outside the skill's own directory. That gives the skill the ability to run arbitrary code from shared/system locations, increasing privilege and supply-chain attack surface.
What to consider before installing
This skill is inconsistent and potentially unsafe as packaged. Before installing or running it: 1) Do not provide Slack credentials yet — SKILL.md doesn't say which env var or how the token is supplied. 2) Inspect the referenced ../shared/slack_downloader.py and ../shared/slack_args.sh files (they are not included) — the bash script will execute and source those files, so they must be trusted. 3) If those shared files come from the platform, ask the maintainer which Slack token env var is required and where that token will be stored/used. 4) If you proceed, test in an isolated environment and verify the downloader's code to ensure it only talks to Slack and writes only to the backup directory. 5) If the author cannot provide the missing files or a convincing explanation for why credentials are omitted, do not install — the mismatch is suspicious (likely poor packaging or hidden behavior), not proof of intent to harm, but worthy of caution.

Like a lobster shell, security has layers — review code before you run it.

backupvk978j57zsbnh1a4yyranmdky6182gm41latestvk978j57zsbnh1a4yyranmdky6182gm41slackvk978j57zsbnh1a4yyranmdky6182gm41
346downloads
0stars
1versions
Updated 17h ago
v1.0.0
MIT-0
@caigang78
backuplatestslack
Download

Slack Backup Skill

Backup directory: ~/.openclaw/doc/backup/

Strict rules (must be followed — violations are treated as critical errors):

  • Do not use write/edit tools to create or modify any files
  • Do not create Python scripts, test scripts, or any auxiliary files
  • Do not generate, guess, or fabricate file contents and write them to disk — even if the filename is known
  • Only run slack_backup.sh via exec to download real files
  • Must verify that the script outputs SUCCESS: /path/to/file and that the file exists with size > 0
  • If the script reports ERROR, inform the user honestly — do not fabricate a success status

Smart Matching: Interpret Intent → Set Variables → Call Script

The agent interprets the user's natural language, determines intent, sets the corresponding environment variables, then calls the script.

User saysEnvironment variables
"Back up the latest file" / "Back up this file"(default, no variables needed)
"Back up the last two files" / "Back up these two files"LIMIT=2
"Back up files starting with report"NAME_PREFIX=report
"Back up files with contract in the name"NAME_CONTAINS=contract
"Back up the PDF I just uploaded" / "Back up the PDF from just now"MINUTES=5 FILE_TYPE=pdf
"Back up the video I just uploaded"MINUTES=5 FILE_TYPE=video
"Back up the image I just uploaded"MINUTES=5 FILE_TYPE=image
"Back up the last three files"LIMIT=3 MINUTES=10
"Back up all PDFs from the last 5 minutes"MINUTES=5 FILE_TYPE=pdf LIMIT=5

FILE_TYPE values: pdf / image / video / doc / file (default — matches all)

Invocation

# Default: back up latest file
<SKILL_DIR>/slack_backup.sh

# Back up the latest 2 files
LIMIT=2 <SKILL_DIR>/slack_backup.sh

# Back up files whose name starts with "report"
NAME_PREFIX=report <SKILL_DIR>/slack_backup.sh

# Back up PDFs uploaded in the last 5 minutes
MINUTES=5 FILE_TYPE=pdf <SKILL_DIR>/slack_backup.sh

# Back up up to 3 files from the last 10 minutes
LIMIT=3 MINUTES=10 <SKILL_DIR>/slack_backup.sh

Script prints SUCCESS: /path/to/file for each file on success.

Important: The script downloads real files from the Slack API. The downloaded file size should match the original. If a backup file is unexpectedly small (e.g. a few KB), something went wrong — report the error to the user honestly.

List Backups

ls -lht ~/.openclaw/doc/backup/

Comments

Loading comments...