registry  /  @elnora-ai/slack  /  0.1.3

@elnora-ai/slack@0.1.3

The entire Slack Web API as a CLI and a Claude Code plugin — 201 methods, agent-friendly JSON, approval-gated sending

AI Security Review

scanned 17h ago · by lpm-firewall-ai

No confirmed malicious attack surface. The user-invoked CLI sends Slack API requests using a configured Slack token; the included Claude hook only checks cache-file freshness.

Static reason
One or more suspicious static signals were detected.
Trigger
User invokes elnora-slack, or Claude starts a session with the plugin installed.
Impact
Authorized Slack actions are possible only through explicit CLI commands and the configured token; no install-time execution, foreign agent-control mutation, credential exfiltration, or remote payload loading was found.
Mechanism
Slack Web API client with a local freshness-check hook.
Rationale
Static inspection shows a package-aligned Slack CLI and optional first-party plugin materials, not a malicious chain. Scanner secret and helper signals correspond to an OpenAPI schema and an inert cache-freshness hook.
Evidence
package.jsondist/main.jsdist/client.jsdist/security.jshooks/hooks.jsonhooks/auto-sync.pyskills/slack-messages/SKILL.mdcommands/slack-sync.mdtemplates/log-sweep.shtemplates/notify-on-failure.shtemplates/weekly-digest.sh
Network endpoints4
api.slack.comslack.comwww.slack.comfiles.slack.com

Decision evidence

public snapshot
AI called this Clean at 96.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • package.json has no preinstall/install/postinstall lifecycle hooks.
    • dist/main.js only registers the user-invoked CLI commands.
    • dist/client.js reads only allowlisted Slack token keys and uses @slack/web-api.
    • dist/client.js restricts requests to HTTPS Slack hosts.
    • hooks/auto-sync.py only stats local reference-cache files and prints a reminder.
    • skills/slack-messages/SKILL.md requires explicit approval before posting.
    Behavioral surface
    Source
    EnvironmentVarsFilesystem
    Supply chain
    HighEntropyStringsUrlStrings
    ManifestNo manifest risk signals triggered.
    scanned 39 file(s), 230 KB of source, external domains: api.slack.com, slack.com

    Source & flagged code

    3 flagged · loading source
    spec/slack_web_openapi_v2.jsonView file
    19449patternName = slack_bot_token severity = critical line = 19449 matchedText = "access_...gy",
    Critical
    Critical Secret

    Package contains a critical-looking secret pattern.

    spec/slack_web_openapi_v2.jsonView on unpkg · L19449
    19449patternName = slack_bot_token severity = critical line = 19449 matchedText = "access_...gy",
    Critical
    Secret Pattern

    Slack bot token in spec/slack_web_openapi_v2.json

    spec/slack_web_openapi_v2.jsonView on unpkg · L19449
    hooks/auto-sync.pyView file
    path = hooks/auto-sync.py kind = build_helper sizeBytes = 2533 magicHex = [redacted]
    Medium
    Ships Build Helper

    Package ships non-JavaScript build or shell helper files.

    hooks/auto-sync.pyView on unpkg

    Findings

    2 Critical2 Medium4 Low
    CriticalCritical Secretspec/slack_web_openapi_v2.json
    CriticalSecret Patternspec/slack_web_openapi_v2.json
    MediumEnvironment Vars
    MediumShips Build Helperhooks/auto-sync.py
    LowScripts Present
    LowFilesystem
    LowHigh Entropy Strings
    LowUrl Strings