agent-slack

Warn

Audited by Socket on May 15, 2026

1 alert found:

Security
SecurityMEDIUM
SKILL.md

SUSPICIOUS. The skill’s Slack-management capabilities mostly match its stated purpose, and npm-based installation is not inherently abnormal. However, the authentication design is high risk: it silently extracts Slack user tokens/cookies from the desktop app or browser, stores credentials locally, and then enables an AI agent to perform broad real-world actions in the workspace. This is a coherent but overly powerful and intrusive design with substantial credential-handling and autonomy risk.

Confidence: 88%Severity: 84%
Audit Metadata
Analyzed At
May 15, 2026, 06:41 PM
Package URL
pkg:socket/skills-sh/devxoul%2Fagent-messenger%2Fagent-slack%2F@42cab54d0f51e6ae5661093166f29f8141ac4115
Security Audit — socket — agent-slack