agent-slack
Fail
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFEDATA_EXFILTRATION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructs the agent to install the core CLI tool by piping a remote shell script directly into the system shell:
curl -fsSL https://raw.githubusercontent.com/stablyai/agent-slack/main/install.sh | sh. This pattern allows arbitrary code execution from a third-party source without prior verification. - [EXTERNAL_DOWNLOADS]: In addition to the shell script, the skill promotes downloading code via
npm i -g agent-slackandnix run github:stablyai/agent-slackfrom thestablyaiorganization, which is not the skill's author. - [CREDENTIALS_UNSAFE]: The tool includes built-in commands designed to extract sensitive authentication data from the host environment:
agent-slack auth import-chromeandagent-slack auth import-firefoxharvest session cookies and credentials from local browser profiles.agent-slack auth import-desktopextracts authentication data from the local Slack Desktop application storage.- [DATA_EXFILTRATION]: The skill documentation indicates that the
message get,message list, andsearchcommands automatically download all attachments (files, images, and snippets) to the local filesystem (~/.agent-slack/tmp/downloads/) whenever they are encountered. This behavior can lead to the silent collection of external data onto the agent's host machine without explicit user consent for each file.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/stablyai/agent-slack/main/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata