AI Security Review
scanned 17h ago · by lpm-firewall-aiNo confirmed malicious attack surface. The user-invoked CLI sends Slack API requests using a configured Slack token; the included Claude hook only checks cache-file freshness.
Static reason
One or more suspicious static signals were detected.
Trigger
User invokes elnora-slack, or Claude starts a session with the plugin installed.
Impact
Authorized Slack actions are possible only through explicit CLI commands and the configured token; no install-time execution, foreign agent-control mutation, credential exfiltration, or remote payload loading was found.
Mechanism
Slack Web API client with a local freshness-check hook.
Rationale
Static inspection shows a package-aligned Slack CLI and optional first-party plugin materials, not a malicious chain. Scanner secret and helper signals correspond to an OpenAPI schema and an inert cache-freshness hook.
Evidence
package.jsondist/main.jsdist/client.jsdist/security.jshooks/hooks.jsonhooks/auto-sync.pyskills/slack-messages/SKILL.mdcommands/slack-sync.mdtemplates/log-sweep.shtemplates/notify-on-failure.shtemplates/weekly-digest.sh
Network endpoints4
api.slack.comslack.comwww.slack.comfiles.slack.com
Decision evidence
public snapshotAI called this Clean at 96.0% confidence as Benign with low false-positive risk.
Evidence for block
Evidence against
- package.json has no preinstall/install/postinstall lifecycle hooks.
- dist/main.js only registers the user-invoked CLI commands.
- dist/client.js reads only allowlisted Slack token keys and uses @slack/web-api.
- dist/client.js restricts requests to HTTPS Slack hosts.
- hooks/auto-sync.py only stats local reference-cache files and prints a reminder.
- skills/slack-messages/SKILL.md requires explicit approval before posting.
Behavioral surface
EnvironmentVarsFilesystem
HighEntropyStringsUrlStrings
Source & flagged code
3 flagged · loading sourcespec/slack_web_openapi_v2.jsonView file
19449patternName = slack_bot_token
severity = critical
line = 19449
matchedText = "access_...gy",
Critical
Critical Secret
Package contains a critical-looking secret pattern.
spec/slack_web_openapi_v2.jsonView on unpkg · L1944919449patternName = slack_bot_token
severity = critical
line = 19449
matchedText = "access_...gy",
Critical
Secret Pattern
Slack bot token in spec/slack_web_openapi_v2.json
spec/slack_web_openapi_v2.jsonView on unpkg · L19449hooks/auto-sync.pyView file
•path = hooks/auto-sync.py
kind = build_helper
sizeBytes = 2533
magicHex = [redacted]
Medium
Ships Build Helper
Package ships non-JavaScript build or shell helper files.
hooks/auto-sync.pyView on unpkgFindings
2 Critical2 Medium4 Low
CriticalCritical Secretspec/slack_web_openapi_v2.json
CriticalSecret Patternspec/slack_web_openapi_v2.json
MediumEnvironment Vars
MediumShips Build Helperhooks/auto-sync.py
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings