Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Slk

v0.1.7

Read, send, search, and manage Slack messages and DMs via the slk CLI. Use when the user asks to check Slack, read channels or DMs, send Slack messages, search Slack, check unreads, manage drafts, view saved items, or interact with Slack workspace. Also use for heartbeat Slack checks. Triggers on "check slack", "any slack messages", "send on slack", "slack unreads", "search slack", "slack threads", "draft on slack", "read slack dms", "message on slack".

by Rohit Das (@therohitdas)
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description (Slack CLI to read/send/search Slack as the user) aligns with the code and runtime behavior: the package auto-extracts session tokens from Slack desktop app and calls Slack API endpoints to read/send messages, manage drafts, search, etc.
Instruction Scope
SKILL.md instructs agents to use the slk CLI for reads, sends, searches and heartbeat checks. The instructions are explicit about the tool extracting session tokens from Keychain/LevelDB and about token caching. The skill grants an agent discretion to run recurring 'heartbeat' checks (unread monitoring) which will repeatedly read user messages — this is expected for an agent-facing Slack CLI but is sensitive and worth explicitly consenting to.
Install Mechanism
Install is via the npm package 'slkcli' (registry), which is a normal package-based install; no arbitrary URL downloads or archive extraction are used. Source files are included in the package manifest, not fetched from a personal server.
Credentials
The skill requests no environment variables, which is coherent, but the runtime code invokes several system utilities (macOS 'security', the 'sqlite3' CLI, 'openssl', 'python3', and 'curl') to extract and decrypt cookies and to validate tokens. The skill metadata declares only the 'slk' binary as required, so these additional system tools are not explicitly listed; this mismatch is a packaging/manifest omission. The code also reads the Keychain, the Slack cookie DB, and LevelDB (user session credentials). Those accesses are necessary for the stated session-based auth behavior but are highly sensitive (they extract session tokens that act as your user).
Persistence & Privilege
The skill does not request always:true and does not modify other skills. It caches tokens to ~/.local/slk/token-cache.json (expected). It spawns helper processes and writes temporary files during decryption but generally cleans them up; token cache is local to the user.
What to consider before installing
This package is functionally what it says: a macOS Slack CLI that auto-extracts your session token from the Slack desktop app (Keychain + cookies + LevelDB) and then acts with your user privileges. Before installing:

  • Understand the sensitivity: the tool extracts session tokens that let it act as you (xoxc- tokens). That is required for its design, but it is powerful — any message-sending or reading capabilities are performed as your user.
  • Expect macOS prompts: on first run macOS will prompt Keychain access for 'Slack Safe Storage'. Choosing 'Always Allow' makes future extractions silent; prefer 'Allow' if you want visibility into each access.
  • Check system dependencies: the code invokes security, sqlite3, openssl, python3 and curl. Confirm these binaries are present and trustworthy on your machine. The skill metadata only lists the slk binary, so the package omission is a packaging issue.
  • Validate the npm package & author: inspect the package contents, README, and the npm/github project (verify repository and publisher) before installing; if you need organizational approval, get it first.
  • Consider alternatives: use an official Slack bot token or OAuth app with limited scopes if you want agent access with auditable, revocable credentials rather than extracting your user session.

Given the sensitive operations and the mismatch between declared and actually-required system tools, treat this as suspicious until you verify the package source and are comfortable with session-token extraction.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

💬 Clawdis
OS: macOS
Bins: slk

Install

Install slk (npm)
Bins: slk
npm i -g slkcli
latest: vk975pntgz74j5hpjfj9c269v4x80y3y1
2.8k downloads
2 stars
5 versions
Updated 3h ago
MIT-0

slk — Slack CLI

Session-based Slack CLI for macOS. Auto-authenticates from the Slack desktop app — no tokens, no OAuth, no app installs. Acts as your user (xoxc- session tokens).

Commands

# Auth
slk auth                              # Test authentication, show user/team

# Read
slk channels                          # List channels (alias: ch)
slk dms                               # List DM conversations with IDs (alias: dm)
slk read <channel> [count]            # Read recent messages, default 20 (alias: r)
slk read @username [count]            # Read DMs by username
slk read <channel> --threads          # Auto-expand all threads
slk read <channel> --from 2026-02-01  # Date range filter
slk thread <channel> <ts> [count]     # Read thread replies, default 50 (alias: t)
slk search <query> [count]            # Search messages across workspace
slk users                             # List workspace users (alias: u)

# Activity
slk activity                          # All channels with unread/mention counts (alias: a)
slk unread                            # Only unreads, excludes muted (alias: ur)
slk starred                           # VIP users + starred items (alias: star)
slk saved [count] [--all]             # Saved for later items (alias: sv)
slk pins <channel>                    # Pinned items in a channel (alias: pin)

# Write
slk send <channel> <message>          # Send a message (alias: s)
slk react <channel> <ts> <emoji>      # React to a message

# Drafts (synced to Slack editor UI)
slk draft <channel> <message>         # Draft a channel message
slk draft thread <ch> <ts> <message>  # Draft a thread reply
slk draft user <user_id> <message>    # Draft a DM
slk drafts                            # List active drafts
slk draft drop <draft_id>             # Delete a draft

Channel accepts name (general), ID (C08A8AQ2AFP), @username for DMs, or user ID (U07RQTFCLUC).

Auth

Automatic — extracts session token from Slack desktop app's LevelDB + decrypts cookie from macOS Keychain.

First run: macOS will show a Keychain dialog asking to allow access to "Slack Safe Storage":

  • Allow — one-time access, prompted again next time
  • Always Allow — permanent, no future prompts (convenient but any process running as your user can extract credentials silently)
  • Deny — blocks access, slk cannot authenticate

Token cache: ~/.local/slk/token-cache.json — auto-validated, auto-refreshed on invalid_auth.

If auth fails (token rotated, Slack logged out):

rm ~/.local/slk/token-cache.json
slk auth

Slack desktop app must be installed and logged in. Does not need to be running if token is cached.
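
A pre-install check for the two items the scan report and the Auth section above single out, the undeclared helper binaries and the token cache file. This is an added example, not part of slk or the scan output; the helper list and cache path come from this page, while the trusted-directory list and function names are assumptions.

```shell
#!/bin/sh
# Added audit example; not part of slk or the ClawHub scan.

# Helper tools the scan report says slk invokes at runtime.
SLK_HELPERS="security sqlite3 openssl python3 curl"
# Directories treated as system-owned (assumption; adjust to your policy).
TRUSTED_DIRS="/usr/bin /bin /usr/sbin /sbin"
# Token cache path stated in the Auth section.
SLK_CACHE="${HOME:-.}/.local/slk/token-cache.json"

# Print "ok", "missing", or "untrusted:<path>" for one helper name.
helper_status() {
  hs_path=$(command -v "$1" 2>/dev/null) || { echo "missing"; return 0; }
  hs_dir=$(dirname "$hs_path")
  case " $TRUSTED_DIRS " in
    *" $hs_dir "*) echo "ok" ;;
    *) echo "untrusted:$hs_path" ;;
  esac
}

# Succeed if the file is absent or grants nothing to group/other.
cache_is_private() {
  [ -e "$1" ] || return 0
  # Characters 5-10 of the ls mode string are the group and other bits.
  [ "$(ls -ldL "$1" | cut -c5-10)" = "------" ]
}

# Print a short report; the return code is the number of findings.
audit_slk() {
  findings=0
  for tool in $SLK_HELPERS; do
    st=$(helper_status "$tool")
    echo "$tool: $st"
    [ "$st" = "ok" ] || findings=$((findings + 1))
  done
  if cache_is_private "$SLK_CACHE"; then
    echo "token cache: private or absent"
  else
    echo "token cache: readable beyond owner, run chmod 600 $SLK_CACHE"
    findings=$((findings + 1))
  fi
  return "$findings"
}

audit_slk || echo "findings: $?"
```

A helper reported as untrusted resolves from a directory outside the system set, for example a user-writable PATH entry, and is worth inspecting before slk is allowed to shell out to it.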

Reading Threads

Threads require a Slack timestamp. Use --ts to get it, then read the thread:

slk read general 10 --ts
# Output: [1/30/2026, 11:41 AM ts:1769753479.788949] User [3 replies]: ...

slk thread general 1769753479.788949

Agent Workflow Examples

  • Heartbeat/cron unread check: slk unread, then slk read <channel> for channels that need attention
  • Save & pick up: Human saves threads in Slack ("Save for later"). Agent runs slk saved during heartbeat, reads full threads with slk thread, summarizes or extracts action items
  • Daily channel digest: slk read <channel> 100 across key channels → compile decisions, open questions, action items → slk send daily-digest "📋 ..."
  • Weekly DM summary: slk read @boss 200 --from 2026-02-01 --threads → extract action items, decisions, context
  • Thread monitoring: Watch specific threads for new replies (incidents, PR reviews, decisions)
  • Draft for human review: slk draft <channel> "..." posts to Slack's editor UI for human to review before sending
  • Search-driven context: slk search "deployment process" or slk pins <channel> to pull context before answering questions

Limitations

  • macOS only — uses Keychain + Electron storage paths
  • Session-based — acts as your user, not a bot. Be mindful of what you send
  • Draft drop may fail with draft_has_conflict if Slack has that conversation open
  • Session token expires on logout — keep Slack app running or rely on cached token

Missing Features & Issues

Create PR or Report Issue at: https://github.com/therohitdas/slkcli
