Trust Assessment
slack received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. The key finding is "Skill grants broad Slack access, enabling data exfiltration."
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Skill grants broad Slack access, enabling data exfiltration.** The `slack` skill provides extensive capabilities including reading messages from any channel (`readMessages`), retrieving detailed member information (`memberInfo`), and sending messages to any channel or user (`sendMessage`). The documentation states, 'The tool uses the bot token configured for Clawdbot.' This implies that the skill operates with the full permissions granted to the Clawdbot. If the bot's token has broad Slack permissions (e.g., `channels:history`, `users:read`, `chat:write`), this skill effectively grants the LLM broad access to sensitive communications and user data, and the ability to exfiltrate that data through the `sendMessage` action. This broad access poses a significant risk for unauthorized data exposure or manipulation. Review the minimum necessary Slack permissions for the Clawdbot token used by this skill. Implement granular permission scopes to restrict access only to the functionalities absolutely required. For example, if `readMessages` or `memberInfo` are not strictly necessary for all use cases, consider disabling them or requiring explicit user confirmation for sensitive operations. Ensure that the LLM's access to these tools is carefully controlled and monitored to prevent misuse. | LLM | SKILL.md:7 |