add-slack
Integrates Slack as a communication channel, enabling real-time messaging and support through a bot setup process.
Install this skill
or
45/100
Security score
The add-slack skill was audited on Jun 1, 2026 and we found 13 security issues across 4 threat categories, including 1 high-severity. Review the findings below before installing.
Categories Tested
Security Issues
medium line 62
Template literal with variable interpolation in command context
SourceSKILL.md
| 62 | ```bash |
medium line 68
Template literal with variable interpolation in command context
SourceSKILL.md
| 68 | ```bash |
high line 131
Curl to non-GitHub URL
SourceSKILL.md
| 131 | - Via API: `curl -s -H "Authorization: Bearer $SLACK_BOT_TOKEN" "https://slack.com/api/conversations.list" | jq '.channels[] | {id, name}'` |
medium line 27
Access to .env file
SourceSKILL.md
| 27 | Add to `.env`: |
low line 39
Access to .env file
SourceSKILL.md
| 39 | mkdir -p data/env && cp .env data/env/env |
medium line 42
Access to .env file
SourceSKILL.md
| 42 | The container reads environment from `data/env/env`, not `.env` directly. |
medium line 98
Access to .env file
SourceSKILL.md
| 98 | 1. Check `SLACK_BOT_TOKEN` and `SLACK_APP_TOKEN` are set in `.env` AND synced to `data/env/env` |
medium line 122
Access to .env file
SourceSKILL.md
| 122 | 4. Copy the new Bot Token (it changes on reinstall) and update `.env` |
medium line 123
Access to .env file
SourceSKILL.md
| 123 | 5. Sync: `mkdir -p data/env && cp .env data/env/env` |
low line 19
External URL reference
SourceSKILL.md
| 19 | 1. Create a Slack app at [api.slack.com/apps](https://api.slack.com/apps) |
low line 51
External URL reference
SourceSKILL.md
| 51 | > 2. In that channel, the channel ID is in the URL when you open it in a browser: `https://app.slack.com/client/T.../C0123456789` — the `C...` part is the channel ID |
low line 130
External URL reference
SourceSKILL.md
| 130 | - In Slack web: the URL shows `https://app.slack.com/client/TXXXXXXX/C0123456789` |
low line 131
External URL reference
SourceSKILL.md
| 131 | - Via API: `curl -s -H "Authorization: Bearer $SLACK_BOT_TOKEN" "https://slack.com/api/conversations.list" | jq '.channels[] | {id, name}'` |
Scanned on Jun 1, 2026
View Security Dashboard