Slk

Pass

Audited by VirusTotal on May 14, 2026.

Findings (1)

The skill bundle is classified as suspicious due to its core functionality involving the extraction of sensitive Slack session credentials (xoxc- token and xoxd- cookie) from the macOS Keychain, Slack's SQLite database, and LevelDB files. This is achieved by executing system commands like `security`, `sqlite3`, `openssl`, and `python3` via Node.js `child_process.execSync` and `spawnSync` (primarily in `src/auth.js`). While this capability is high-risk, it is transparently documented in `SKILL.md` and `README.md` as the tool's intended purpose, and there is no evidence of intentional malicious behavior such as unauthorized data exfiltration to external endpoints, persistence mechanisms beyond legitimate caching, or obfuscation. The `SKILL.md` instructions for the AI agent are benign and guide the agent to use the tool for its stated Slack interaction purposes.