Back to skill

Security audit

Slack

Security checks across malware telemetry and agentic risk

Overview

This appears to be a normal Slack integration, with expected Slack read and write abilities but no evidence of hidden or malicious behavior.

Install only in workspaces where the bot token has the minimum Slack scopes needed. Confirm channel, message timestamp, and user intent before edits, deletes, pin changes, or reading sensitive conversations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill exposes destructive actions such as deleteMessage, editMessage, pin/unpin, and privacy-impacting actions such as readMessages and memberInfo, but it does not warn the operator to verify authorization, confirm user intent, or limit use to appropriate channels and messages. In an agent setting, this increases the chance of unintended data access, message tampering, or destructive actions being performed on behalf of a user without adequate safeguards.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.