Code Plugin · Executes code · source-linked

Slack Tools

marxbiotech-slack-tools

Community code plugin. Review compatibility and verification before install.
marxbiotech-slack-tools · runtime id marxbiotech-slack-tools
Install
openclaw plugins install clawhub:marxbiotech-slack-tools
Latest Release
Version 1.0.0
Compatibility
{
  "builtWithOpenClawVersion": "2026.3.23",
  "pluginApiRange": ">=1.0.0"
}
Capabilities
{
  "bundledSkills": [],
  "capabilityTags": [
    "executes-code"
  ],
  "channels": [],
  "commandNames": [],
  "configSchema": true,
  "configUiHints": false,
  "executesCode": true,
  "hooks": [],
  "httpRouteCount": 0,
  "materializesDependencies": false,
  "providers": [],
  "runtimeId": "marxbiotech-slack-tools",
  "serviceNames": [],
  "setupEntry": false,
  "toolNames": []
}
Security Scan
VirusTotal: Pending
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description (Slack management) aligns with the included code: it reads/writes OpenClaw credential files and calls Slack APIs. However the published SKILL.md is just package metadata JSON rather than human-readable runtime instructions, which is unexpected and reduces transparency.
! Instruction Scope
The runtime code reads/writes files under the OpenClaw credentials/oauth directory and runs 'openclaw config set/unset' via runtime.system.runCommandWithTimeout. It also contains a large built-in system-prompt-like string (BOT_TO_BOT_MENTION_PROMPT) that instructs model behavior (adds <conversation-state> blocks) — this is effectively a prompt override embedded in the plugin. The SKILL.md does not explicitly describe these behaviors or the exact files/paths that will be used, limiting user visibility.
Install Mechanism
No install spec — code is provided but nothing will be downloaded or executed from third-party URLs at install time. This is lower risk than remote downloads, though the plugin will run inside the agent process when invoked.
! Credentials
Manifest claims no required env vars, but the code reads process.env.OPENCLAW_HOME (optional) and also attempts best-effort notifications using TELEGRAM_BOT_TOKEN and TELEGRAM_LIFECYCLE_CHAT_ID if present. Those Telegram-related env vars are undocumented in the manifest and grant the plugin ability to send external messages if accidentally provided. The code also expects Slack credentials to be stored in OpenClaw's credential directory (reasonable) but the mechanism for obtaining a Slack token is not documented in SKILL.md.
Persistence & Privilege
always is false and the plugin does not request system-wide 'always' presence. It does create and modify files under the user's OpenClaw credential directory and invokes the OpenClaw CLI to set config values — these are coherent for a credentials/config-management plugin but are privileged actions within the OpenClaw environment and should be understood by the user.
Scan Findings in Context
[system-prompt-override] expected: The plugin includes a long BOT_TO_BOT_MENTION_PROMPT (rules for conversation-state) which functions like a system prompt for channel-specific bot behavior; for a Slack prompt-management tool this is plausible, but embedding such a prompt in code can also change model behavior unexpectedly and matches the pre-scan pattern.
What to consider before installing
This skill appears to implement Slack channel pairing and per-channel prompt/discipline features and will read/write files under your OpenClaw credential directory and call the OpenClaw CLI. Before installing:
1) Ask the author how Slack tokens are provided/stored and verify there is no undocumented remote endpoint expecting your secrets.
2) Do not set TELEGRAM_BOT_TOKEN or TELEGRAM_LIFECYCLE_CHAT_ID if you don't want the plugin to send notifications externally (the plugin will use them if present).
3) Request a proper SKILL.md or documentation that lists exactly which files will be created (e.g., ~/.openclaw/credentials/slack-*.json) and how pairing tokens are handled.
4) Review the included index.ts (which you have) for any additional network calls or hardcoded endpoints.
If you lack the ability to verify these items, consider running the skill in an isolated environment or declining installation.
index.ts:31
Environment variable access combined with network send.
! index.ts:1
File read combined with network send (possible exfiltration).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
Verification
{
  "hasProvenance": false,
  "scanStatus": "pending",
  "scope": "artifact-only",
  "sourceCommit": "172ec47851ae8a6516032204dce3182fc800e077",
  "sourceRepo": "marxbiotech/moltbot-app",
  "sourceTag": "172ec47851ae8a6516032204dce3182fc800e077",
  "summary": "Validated package structure and linked the release to source metadata.",
  "tier": "source-linked"
}
Tags
{
  "latest": "1.0.0"
}