Skill v4.0.0

ClawScan security

Slack Automator · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Mar 19, 2026, 1:25 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's code, instructions, and requirements are consistent with its stated purpose (sending Slack messages via Incoming Webhooks) and do not request unrelated credentials or install remote code.
Guidance
This skill appears to do what it claims, but review and take these precautions before installing/using it:

- Inspect the included script (scripts/script.sh) yourself before running. It will create ~/.slack-automator and write config.json, history.json, schedule.json, and template files there.
- The Slack webhook URL is stored in plaintext at ~/.slack-automator/config.json. Use a webhook that is scoped to a single channel and rotate it if needed. Set file permissions (chmod 600 ~/.slack-automator/config.json) to limit local access.
- The script uses python heredocs with shell-interpolated variables. Avoid passing untrusted content into template save/use or schedule commands to reduce risks from malformed input; prefer simple text values.
- The schedule feature only stores cron data locally; you must create your own cron job to trigger sends. Be careful when enabling automated scheduled sends to production channels.
- If you need stronger security or auditing, consider using a Slack app with scoped OAuth tokens and finer permissions rather than a shared incoming webhook.

If you want me to, I can (a) point out specific lines in scripts/script.sh that would be worth hardening, or (b) produce a checklist of commands to safely inspect and set permissions for the files the skill creates.

Review Dimensions

Purpose & Capability
ok
Name/description match the included script and SKILL.md. The script implements connecting to a Slack Incoming Webhook, sending messages, templates, and a local schedule store — all coherent with 'Slack Automator'. Required tools (bash, curl, python3) are reasonable for the described functionality.
Instruction Scope
note
SKILL.md and the script only read/write files under the user's home directory (~/.slack-automator) and perform HTTP POSTs to Slack webhooks. The instructions do not request unrelated files or environment variables. Note: the script embeds user-provided values into Python heredocs via shell interpolation; if you feed untrusted input into commands that save/format templates or schedule messages, malformed input could break the Python snippets or produce unexpected output. This is a local input-safety concern rather than evidence of malicious behavior.
Install Mechanism
ok
No install spec or remote downloads — the skill is instruction-only and ships a local bash script. Nothing is fetched from external arbitrary URLs during installation.
Credentials
ok
The skill requests no environment variables or external credentials; it stores a Slack Incoming Webhook URL locally in ~/.slack-automator/config.json. That is proportionate to its purpose (sending webhook messages).
Persistence & Privilege
note
The skill persists configuration, history, templates, and schedules under ~/.slack-automator. This is expected for the feature set but gives the script permanent presence in the user's home directory. It does not request platform-wide privileges or modify other skills.