Is skills/slack safe?

https://github.com/openclaw/openclaw/tree/main/skills/slack

93
SAFE

This is a legitimate Slack integration skill that provides standard bot functionality for message management, reactions, and pin operations. The skill contains only documentation with no executable code and shows no signs of malicious intent.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 85/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 80/100 · 5%

Findings (3)

LOW Network activity during installation -5

A standard git clone operation connected to GitHub to download the skill content. This is expected behavior.

MEDIUM Potential data exfiltration through messages -15

The skill can send messages to Slack channels and users, which could be misused to exfiltrate sensitive data if the agent has access to such data.

LOW Standard Slack bot security considerations -20

The skill provides legitimate Slack bot functionality but requires proper token configuration and channel permissions to prevent misuse.