Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Slack Member Fetch

v1.0.0

Fetch Slack member information from a workspace or a specific Slack channel using the Slack Web API. Use when the user asks to list Slack members, get member...


Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for donigwapo/slack-member-fetch.

Install the skill "Slack Member Fetch" (donigwapo/slack-member-fetch) from ClawHub.
Skill page: https://clawhub.ai/donigwapo/slack-member-fetch
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install slack-member-fetch

ClawHub CLI


npx clawhub@latest install slack-member-fetch

Security Scan

VirusTotal: Benign
OpenClaw: Suspicious (high confidence)

Purpose & Capability
The code and SKILL.md implement workspace- and channel-level member listing via the Slack Web API, which matches the skill name/description. However the registry metadata reports "Required env vars: none" and no primary credential, while the SKILL.md and script clearly require SLACK_BOT_TOKEN — a manifest inconsistency.
Instruction Scope
Runtime instructions and the script only call Slack API endpoints (users.list, conversations.list, conversations.members), paginate results, optionally write JSON to a local file, and print output. There are no references to unrelated files, system secrets, or external endpoints beyond slack.com.
Install Mechanism
No install spec — this is instruction + a small Python script. Nothing is downloaded or written by an installer step.
Credentials
The script legitimately needs a Slack token (SLACK_BOT_TOKEN) and recommends specific Slack scopes. The concern is that the skill registry metadata does not declare this required environment variable or a primary credential, which is misleading and could cause accidental token exposure or misconfiguration. Also the output includes potentially sensitive user emails and profile data, so token scope should be limited and users should be aware of data sensitivity.
Persistence & Privilege
always is false and the skill does not attempt to persist itself, modify other skills, or change system-wide agent settings.
What to consider before installing
This skill's code matches its described purpose, but the registry metadata omitted the required SLACK_BOT_TOKEN — treat that as a red flag about provenance/quality. Before installing or running:
(1) Verify you trust the source/owner (no homepage provided).
(2) Only provide a bot token (xoxb...) with the minimum scopes needed (users:read, conversations:read; avoid broader scopes).
(3) Be aware the output can include emails and profile fields; do not run in environments where those may be exposed.
(4) Review the included script yourself (it calls only slack.com APIs and can write results to a local file).
(5) Ask the publisher to update the skill manifest to declare SLACK_BOT_TOKEN as a required credential/primaryEnv so the platform can protect it properly.

Like a lobster shell, security has layers — review code before you run it.

86 downloads
0 stars
1 version
Updated 1mo ago
v1.0.0
MIT-0

Slack Member Fetch

This skill fetches member information from Slack.

What it can do

  • List members from the whole Slack workspace
  • List members from a specific Slack channel by channel ID
  • List members from a specific Slack channel by channel name
  • Return structured JSON for downstream automation

Required environment variable

export SLACK_BOT_TOKEN="xoxb-..."

Recommended Slack scopes

  • users:read
  • users:read.email
  • conversations:read

Usage

Fetch all workspace members:

python3 scripts/fetch_slack_members.py --workspace

Fetch members from a channel by ID:

python3 scripts/fetch_slack_members.py --channel C0123456789

Fetch members from a channel by name:

python3 scripts/fetch_slack_members.py --channel-name general

Save output:

python3 scripts/fetch_slack_members.py --channel-name sales --out members.json

Output shape

{
  "ok": true,
  "source": "channel",
  "channel_id": "C0123456789",
  "channel_name": "sales",
  "count": 2,
  "members": [
    {
      "user_id": "U123",
      "username": "jane",
      "real_name": "Jane Doe",
      "display_name": "Jane",
      "email": "jane@example.com",
      "title": "Operations Manager",
      "timezone": "Asia/Manila",
      "is_admin": false,
      "is_owner": false,
      "is_bot": false,
      "deleted": false
    }
  ]
}

Notes

  • If email is missing, confirm the app has users:read.email
  • If channel lookup fails, confirm the app has access to that channel and conversations:read
  • For large workspaces, the script follows Slack cursor pagination automatically
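
The cursor pagination and output shape described above, as an added sketch that is not the skill's own `scripts/fetch_slack_members.py`: the function names, the mapping from Slack user objects to the README's fields, and the `"source": "workspace"` value are assumptions, and the two sample pages are constructed. Email is left out unless asked for, so the token can run without `users:read.email`.

```python
import json, os, urllib.parse, urllib.request

def slack_call(method, params):
    """POST one Slack Web API method using the token in SLACK_BOT_TOKEN."""
    req = urllib.request.Request(
        "https://slack.com/api/" + method,
        data=urllib.parse.urlencode(params).encode(),
        headers={"Authorization": "Bearer " + os.environ["SLACK_BOT_TOKEN"]},
    )
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def paginate(method, key, call=slack_call, limit=200, **params):
    """Yield every item under `key`, following response_metadata.next_cursor."""
    cursor = None
    while True:
        args = dict(params, limit=limit, **({"cursor": cursor} if cursor else {}))
        page = call(method, args)
        if not page.get("ok"):  # e.g. missing_scope, invalid_auth
            raise RuntimeError(f"{method} failed: {page.get('error')}")
        yield from page.get(key, [])
        cursor = (page.get("response_metadata") or {}).get("next_cursor")
        if not cursor:  # empty or absent cursor marks the last page
            return

def shape(user, include_email=False):
    """Map a Slack user object to the README's record; email is opt-in."""
    profile = user.get("profile") or {}
    record = {
        "user_id": user.get("id"), "username": user.get("name"),
        "real_name": user.get("real_name") or profile.get("real_name"),
        "display_name": profile.get("display_name"),
        "title": profile.get("title"), "timezone": user.get("tz"),
    }
    for flag in ("is_admin", "is_owner", "is_bot", "deleted"):
        record[flag] = bool(user.get(flag))
    if include_email:  # needs users:read.email; leave off when not required
        record["email"] = profile.get("email")
    return record

def workspace_members(call=slack_call, include_email=False):
    members = [shape(u, include_email) for u in paginate("users.list", "members", call=call)]
    return {"ok": True, "source": "workspace", "count": len(members), "members": members}

# Constructed two-page users.list replies so the example runs offline.
FAKE = {None: {"ok": True, "response_metadata": {"next_cursor": "page2"},
               "members": [{"id": "U123", "name": "jane", "profile": {"email": "jane@example.com"}}]},
        "page2": {"ok": True, "response_metadata": {"next_cursor": ""},
                  "members": [{"id": "U124", "name": "buildbot", "is_bot": True}]}}
def fake_call(method, params):
    return FAKE[params.get("cursor")]
```

Calling `workspace_members(call=fake_call)` exercises both pages without a token or network access.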
