Skill v1.0.0

ClawScan security

Slack · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 11, 2026, 8:21 AM
Verdict
suspicious
Confidence
high
Model
gpt-5-mini
Summary
The skill's described functionality is coherent with controlling Slack, but the SKILL.md expects a 'slack' CLI and a bot token while the registry metadata does not declare any required binary or credential — an important mismatch you should resolve before installing.
Guidance
This skill appears to do what it says (control Slack), but it fails to declare two important runtime dependencies: the 'slack' CLI/tool and the Slack bot token it will use. Before installing, verify where the bot token comes from and who controls it, confirm the token's scope (least privilege: only the scopes needed), and ensure the 'slack' tool on the agent is the official/expected binary. If you cannot verify the token origin or the CLI, do not install. Prefer a version of the skill that explicitly lists required binaries and environment variables (e.g., SLACK_BOT_TOKEN) and provides a trusted source/homepage for the tool.

Review Dimensions

Purpose & Capability
concern
Name/description and the SKILL.md actions (react, send/edit/delete messages, pins, member info, emoji list) are consistent with a Slack control skill. However, the instructions explicitly reference using a 'slack' tool and 'the bot token configured for Clawdbot' while the registry metadata lists no required binaries or environment variables — the skill expects access that it does not declare.
Instruction Scope
note
SKILL.md limits behavior to Slack operations and does not ask to read local files or unrelated env vars. That scope is appropriate, but it relies on an externally configured bot token and a 'slack' tool present in the agent environment; those implicit dependencies widen the runtime surface without being documented.
Install Mechanism
ok
Instruction-only skill with no install spec or code files — lowest install risk. Nothing is written to disk by the skill itself based on provided metadata.
Credentials
concern
The skill will need a Slack bot token and a usable Slack CLI/tool to operate, but requires.env and primary credential are empty. Not declaring the token or tool is a proportionality problem: users can't see what secrets will be used or by whom, which risks accidental credential exposure or unexpected actions if a workspace token is already configured.
Persistence & Privilege
ok
always is false and the skill does not request persistent system-wide changes. The agent can invoke the skill autonomously (default), which is expected for an integration that controls Slack; this is not by itself a red flag.