Back to skill

Security audit

testat1

Security checks across malware telemetry and agentic risk

Overview

This Slack skill appears purpose-built and non-malicious, but it gives an agent Slack message-changing powers without clear confirmation or least-privilege guidance.

Review before installing. Use a least-privilege Slack bot token, restrict the bot to intended channels where possible, and require explicit user confirmation before sending, editing, deleting, pinning, unpinning, or reading sensitive Slack messages or member details.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill exposes destructive Slack capabilities such as deleteMessage, editMessage, pinMessage, and unpinMessage without any warning, confirmation guidance, or guardrails for when these actions should be used. In an agent setting, this increases the chance of accidental or unauthorized modification of records, loss of conversation history, and disruption of channel state because the model may invoke these operations as routine actions.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.