Openclaw Slack 2026.5.26.Tgz

Security checks across malware telemetry and agentic risk

Overview

This is a coherent official OpenClaw Slack connector, with sensitive Slack access that is expected for its purpose but should be configured carefully.

Install only if you want OpenClaw connected to your Slack workspace. Review the Slack app scopes, restrict which channels and users can invoke it, keep userToken disabled unless a workflow truly needs user-context access, and disable message/config write features you do not intend to use.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: This code enumerates Slack users via `users.list` and returns profile attributes including display name, real name, handle, email-derived search matching, and the full raw Slack user object. That is a genuine privacy-sensitive directory harvesting behavior, and there is no visible in-file consent check, scope restriction, or minimization before collecting and returning the data.

Missing User Warnings

Low

Confidence: 78% confidence
Finding: This function enumerates Slack channels through `conversations.list` and returns channel identifiers and names, again without any visible disclosure, approval gate, or access-policy check in the file. While less sensitive than user profiles, it still exposes internal workspace structure that can aid reconnaissance.

VirusTotal

61/61 vendors flagged this plugin as clean.

View on VirusTotal