Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Slk
v1.0.0
Read, send, search, and manage Slack messages and DMs via the slk CLI. Use when the user asks to check Slack, read channels or DMs, send Slack messages, search Slack, check unreads, manage drafts, view saved items, or interact with Slack workspace. Also use for heartbeat Slack checks. Triggers on "check slack", "any slack messages", "send on slack", "slack unreads", "search slack", "slack threads", "draft on slack", "read slack dms", "message on slack".
by Rohit Das (@therohitdas)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
The skill is a macOS Slack CLI that auto-authenticates by extracting Slack session credentials from the desktop app; the package, binaries, and code (auth.js, api.js, commands.js, drafts.js) all implement that feature. Nothing required by the skill (npm slkcli, 'slk' binary) is unrelated to the stated purpose.
Instruction Scope
SKILL.md and the code instruct the agent to use the slk CLI to read/send/search/manage Slack messages. The implementation explicitly reads the macOS Keychain, copies and queries Slack's Cookies SQLite database, scans LevelDB, and runs local commands (sqlite3, security, openssl, python3, curl) to extract and validate session tokens. Those actions are sensitive but are required to achieve the 'session-based / acts-as-user' functionality and are documented in the README/SKILL.md.
Install Mechanism
Install is via the public npm package 'slkcli' (creates 'slk' binary). npm is a standard distribution channel for Node CLIs (moderate risk compared to no-install). No downloads from arbitrary URLs and no archives extracted from unknown hosts are present. Review npm package provenance if you need stronger assurance.
Credentials
The skill requests no environment variables and no external credentials, which is consistent. However, it accesses highly sensitive local artifacts (Slack Safe Storage key from Keychain, Slack Cookies DB, LevelDB session data) because it is intentionally designed to act as the user via session tokens. That access is proportional to the stated capability but materially elevated in sensitivity compared to most CLI tools.
Persistence & Privilege
The skill does not set always:true and is user-invocable. It writes a token cache at ~/.local/slk/token-cache.json and will prompt the macOS Keychain. The README warns about the 'Always Allow' Keychain option — choosing that removes user prompts and allows any process running as your user to extract the same key, increasing risk. Autonomous invocation combined with token access increases blast radius (expected for this kind of tool).
Assessment
This skill appears to be what it claims: a macOS Slack CLI that auto-extracts your Slack session so it can act as your user. That requires reading sensitive local data (Keychain, Slack Cookies SQLite, LevelDB) and calling local tools (security, sqlite3, openssl, python3, curl). Before installing, consider:
1) Only install on a personal/trusted machine you control — on shared or managed machines this can expose session tokens;
2) Prefer answering Keychain prompts with 'Allow' rather than 'Always Allow' to avoid silent future access;
3) Inspect the npm package (author/repo) and verify its provenance if you require stronger trust;
4) Be aware a token cache (~/.local/slk/token-cache.json) is created — remove it to force re-extraction if needed;
5) If you plan to let an autonomous agent use this skill, understand it can read and send Slack messages as you (highly privileged for personal account actions).
If any of the above is unacceptable, do not install, or restrict agent permissions.
Like a lobster shell, security has layers — review code before you run it.
Runtime requirements
💬 Clawdis
OS: macOS
Bins: slk
Install
Install slk (npm)
Bins: slk
npm i -g slkcli