← Back to Skills Marketplace
681
Downloads
0
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install geeksdobyte-slack-botskill
Description
Enables authenticated interaction with Slack for sending, editing, deleting, reacting to, and managing messages and pins via a secure bot token.
README (SKILL.md)
Slack Actions Skill
Overview
The Slack Actions Skill enables Clawdbot to securely interact with Slack channels and direct messages using a Bot OAuth token.
This skill allows agents to:
- Send, edit, and delete messages
- Add and list reactions
- Pin and unpin messages
- Read recent channel history
- Retrieve member information
- List workspace emojis
All actions are executed using the permissions granted to the configured bot account.
Purpose & Capability
This skill enables authenticated Slack operations using a Bot OAuth token supplied through the SLACK_BOT_TOKEN environment variable.
With valid credentials, the skill can:
- Manage messages and reactions
- Maintain pinned references
- Retrieve basic user metadata
- Support lightweight workflow automation
The skill operates strictly within the authorization scope of the configured Slack bot.
Authentication & Configuration
Required Environment Variable
This skill requires a Slack Bot User OAuth token.
Before use, configure:
SLACK_BOT_TOKEN
Example:
export SLACK_BOT_TOKEN="xoxb-xxxxxxxxxxxx-xxxxxxxxxxxx-xxxxxxxxxxxx"
Or in .env format:
SLACK_BOT_TOKEN=xoxb-xxxxxxxxxxxx-xxxxxxxxxxxx-xxxxxxxxxxxx
Token Requirements
The token must include the following OAuth scopes:
chat:writechannels:readchannels:historyreactions:writepins:writeusers:reademoji:read
Additional scopes may be required depending on workspace policies.
Credential Storage
- Tokens must be stored only in environment variables
- Tokens must never be hardcoded
- Tokens must never be logged
- Tokens must not be exposed in outputs
If SLACK_BOT_TOKEN is missing, invalid, or revoked, this skill must not execute.
Initial Setup
To configure this skill:
- Create a Slack App in your workspace
- Enable Bot Token authentication
- Assign required OAuth scopes
- Install the app to the workspace
- Copy the Bot User OAuth token
- Store the token in
SLACK_BOT_TOKEN - Restart the agent
After setup, the skill becomes available for execution.
Credential Constraints
- Only Bot User tokens (
xoxb-) are supported - User tokens (
xoxp-) are not permitted - Tokens must belong to a single workspace
- Cross-workspace tokens are unsupported
- Tokens must be rotated periodically
- Tokens must comply with organizational security policies
Unauthorized credential usage is prohibited.
When to Use This Skill
Activate this skill when the user requests:
- Sending messages to Slack
- Reacting to messages
- Editing or deleting content
- Pinning or unpinning messages
- Reading recent messages
- Looking up users
- Viewing emojis
Example triggers:
“Send this to #engineering.” “React with a checkmark.” “Pin that message.” “Who is U123?”
Required Inputs
Message Targeting
channelId— Slack channel ID (ex:C1234567890)messageId— Slack timestamp (ex:1712023032.1234)
Reactions
emoji— Unicode emoji or:name:format
Sending Messages
to—channel:\x3Cid>oruser:\x3Cid>content— Message text
Message context may contain reusable fields such as channel and slack message id.
Supported Action Groups
| Group | Status | Description |
|---|---|---|
| reactions | Enabled | Add and list reactions |
| messages | Enabled | Send, edit, delete, read messages |
| pins | Enabled | Manage pinned items |
| memberInfo | Enabled | Retrieve user profiles |
| emojiList | Enabled | List custom emojis |
Available Actions
React to a Message
{
"action": "react",
"channelId": "C123",
"messageId": "1712023032.1234",
"emoji": "✅"
}
List Reactions
{
"action": "reactions",
"channelId": "C123",
"messageId": "1712023032.1234"
}
Send a Message
{
"action": "sendMessage",
"to": "channel:C123",
"content": "Hello from Clawdbot"
}
Edit a Message
{
"action": "editMessage",
"channelId": "C123",
"messageId": "1712023032.1234",
"content": "Updated text"
}
Delete a Message
{
"action": "deleteMessage",
"channelId": "C123",
"messageId": "1712023032.1234"
}
Read Recent Messages
{
"action": "readMessages",
"channelId": "C123",
"limit": 20
}
Pin a Message
{
"action": "pinMessage",
"channelId": "C123",
"messageId": "1712023032.1234"
}
Unpin a Message
{
"action": "unpinMessage",
"channelId": "C123",
"messageId": "1712023032.1234"
}
List Pinned Items
{
"action": "listPins",
"channelId": "C123"
}
Get Member Information
{
"action": "memberInfo",
"userId": "U123"
}
List Workspace Emojis
{
"action": "emojiList"
}
Behavioral Rules
- Confirm IDs before destructive actions
- Never delete messages without explicit user approval
- Prefer reactions over messages for acknowledgments
- Validate inputs before execution
- Never expose credentials
Usage Examples
Mark Task Complete
{
"action": "react",
"channelId": "C123",
"messageId": "1712023032.1234",
"emoji": "✅"
}
Post Status Update
{
"action": "sendMessage",
"to": "channel:C456",
"content": "Deployment completed successfully."
}
Save Important Message
{
"action": "pinMessage",
"channelId": "C123",
"messageId": "1712023032.1234"
}
Instruction Scope
This skill is limited to Slack workspace operations authorized by the configured bot token.
It does NOT:
- Create Slack applications
- Modify workspace settings
- Manage billing
- Bypass permissions
- Escalate privileges
All operations respect Slack API constraints.
Compliance
This skill follows Slack API Terms of Service and OAuth security guidelines.
Users are responsible for obtaining organizational approval prior to deployment.
Best Practices
- Use reactions for lightweight workflows
- Pin long-term references
- Keep messages concise
- Avoid bulk destructive actions
- Rotate credentials regularly
Usage Guidance
Do not install blindfolded — ask the publisher for source code or a homepage and request corrected registry metadata that explicitly lists SLACK_BOT_TOKEN as a required credential. If you proceed, create a dedicated Slack bot with the minimum OAuth scopes listed in the SKILL.md, restrict the bot to only the channels it needs, and use a non-production workspace to test. Rotate the token after testing and never give a shared or user-level token. Prefer installing only after the author provides a verifiable implementation (repo or package) and the registry entry is updated to declare the sensitive environment variable; if you cannot verify the implementation, treat the undeclared sensitive requirement as a red flag.
Capability Analysis
Type: OpenClaw Skill
Name: geeksdobyte-slack-botskill
Version: 0.1.1
The OpenClaw AgentSkills skill bundle for Slack actions is classified as benign. The `SKILL.md` file clearly defines the skill's purpose, capabilities, and required Slack API scopes, which are all consistent with standard Slack bot functionality. Crucially, the documentation provides strong security guidelines for handling the `SLACK_BOT_TOKEN` (environment variable only, no logging, no hardcoding, no exposure) and includes behavioral rules for the AI agent that promote safe usage (e.g., 'Never delete messages without explicit user approval', 'Never expose credentials'). There is no evidence of prompt injection attempts, data exfiltration, unauthorized execution, or any other malicious intent.
Capability Assessment
Purpose & Capability
The SKILL.md describes precisely the Slack operations you'd expect for a 'Slack Actions' skill (sending/editing/deleting messages, reactions, pins, reading history, listing emojis, user lookups). However, the registry metadata claims no required environment variables or primary credential, while the runtime instructions explicitly require SLACK_BOT_TOKEN. That metadata–behavior mismatch is an incoherence (either the metadata is incomplete/incorrect or the skill author failed to declare a sensitive requirement).
Instruction Scope
The instructions in SKILL.md stay narrowly focused on Slack API actions and require only a Bot OAuth token and standard Slack scopes. The doc does not instruct the agent to read unrelated files, secrets, or system state. It also contains sensible behavioral rules (confirm IDs, avoid logging tokens).
Install Mechanism
This is an instruction-only skill with no install spec and no code files. That is lower risk because nothing is downloaded or executed by default; however, actual runtime behavior depends on how the agent implements these instructions.
Credentials
The SKILL.md requires a single sensitive environment variable (SLACK_BOT_TOKEN) with broad workspace scopes, which is proportionate for Slack integration—but the registry metadata fails to declare this. The absence of a declared primary credential reduces transparency and prevents reviewers/automated systems from flagging sensitive requirements. Additionally, Bot tokens (xoxb-) can be powerful; ensure least-privilege scopes and use a dedicated bot account limited to necessary channels.
Persistence & Privilege
always is false and the skill does not request system-wide persistence or modification of other skills' configs. The skill will be able to be invoked autonomously by the agent (default), which is expected; combine this with a valid bot token and the agent could perform Slack actions, so token scope/limits are important.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install geeksdobyte-slack-botskill - After installation, invoke the skill by name or use
/geeksdobyte-slack-botskill - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.1
**Major update: Expanded documentation and enforced stricter security and setup requirements for Slack bot credential usage.**
- Added detailed setup and authentication instructions, including required OAuth scopes and credential storage rules.
- Expanded usage and capability explanations, specifying agent action scope and security/compliance guidelines.
- Clarified required inputs, supported actions, and example JSON payloads for all Slack operations.
- Emphasized credential safety: use of environment variables, prohibition of user tokens and hardcoding, and workspace/permission constraints.
- Updated tags and version metadata to reflect improved capabilities and security.
v0.1.0
Initial public release of the Slack Actions skill.
- Enables sending, editing, deleting, and fetching Slack messages via a bot.
- Supports adding, removing, and viewing message reactions.
- Allows pinning and unpinning content in channels.
- Provides access to Slack member information.
- Includes action for listing available workspace emojis.
- Intended for use only when explicit Slack actions are requested.
Metadata
Frequently Asked Questions
What is Slack Actions?
Enables authenticated interaction with Slack for sending, editing, deleting, reacting to, and managing messages and pins via a secure bot token. It is an AI Agent Skill for Claude Code / OpenClaw, with 681 downloads so far.
How do I install Slack Actions?
Run "/install geeksdobyte-slack-botskill" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Slack Actions free?
Yes, Slack Actions is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Slack Actions support?
Slack Actions is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Slack Actions?
It is built and maintained by RK905 (@rk905); the current version is v0.1.1.
More Skills