slack
Audited by Socket on Mar 26, 2026
2 alerts found:
Anomaly / Security
Best report: Report 1 (more detailed and focused on injection/dynamic execution risks). Improved assessment: This fragment is an authenticated Slack API wrapper with two high-value credential paths (curl using sourced tokens.env; browser mode extracting token from localStorage). No strong evidence of explicit malware/exfiltration/persistence is present. However, the design materially increases security risk due to (1) executing 'source' on local config/token files (code execution if files are tampered) and (2) generating and executing JavaScript via a Node/Playwright bridge with METHOD and parameters embedded with insufficient allowlisting/escaping. These factors make it important to restrict who can invoke the wrapper and to secure the local config/session files.
SUSPICIOUS: The core Slack functionality is legitimate and data flows go to official Slack endpoints, but the auth model is risky. The skill scrapes browser session tokens/cookies, stores them locally, and can automate broad Slack UI actions beyond normal API usage. This is not confirmed malware, but it has elevated security risk due to credential extraction and persistent session handling.