Slack

Security checks across malware telemetry and agentic risk

Overview

This Slack skill appears to provide expected Slack workspace actions, with normal privacy and deletion risks that users should control carefully.

Install only if you trust the Slack bot token configuration. Keep the Slack app scopes limited, use it only in intended workspaces and channels, and confirm before edits, deletes, pins, or reading private channel or member information.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill exposes destructive actions such as deleteMessage and privacy-impacting actions such as readMessages and memberInfo, but it does not warn the user or the calling agent about consent, scope, or the consequences of using them. In an agentic setting, this increases the chance of accidental message deletion, unauthorized reading of channel content, or misuse of Slack data because the skill presents these operations as routine actions without guardrails.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal