← Back to Skills Marketplace
368
Downloads
0
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install slack-backup
Description
Back up files uploaded to a Slack channel to the local doc/backup directory. Supports smart matching: multiple files, filename prefix/keyword filter, file ty...
Usage Guidance
This skill is inconsistent and potentially unsafe as packaged. Before installing or running it: 1) Do not provide Slack credentials yet — SKILL.md doesn't say which env var or how the token is supplied. 2) Inspect the referenced ../shared/slack_downloader.py and ../shared/slack_args.sh files (they are not included) — the bash script will execute and source those files, so they must be trusted. 3) If those shared files come from the platform, ask the maintainer which Slack token env var is required and where that token will be stored/used. 4) If you proceed, test in an isolated environment and verify the downloader's code to ensure it only talks to Slack and writes only to the backup directory. 5) If the author cannot provide the missing files or a convincing explanation for why credentials are omitted, do not install — the mismatch is suspicious (likely poor packaging or hidden behavior), not proof of intent to harm, but worthy of caution.
Capability Analysis
Type: OpenClaw Skill
Name: slack-backup
Version: 1.0.0
The slack-backup skill is a legitimate utility designed to download files from Slack to a local backup directory. The SKILL.md file contains notably defensive instructions that explicitly forbid the AI agent from creating or modifying files directly or fabricating content, which mitigates common prompt-injection risks. The shell script (slack_backup.sh) is a straightforward wrapper that passes environment variables to a downloader script, and no evidence of malicious intent, data exfiltration, or unauthorized persistence was found.
Capability Assessment
Purpose & Capability
The skill's purpose is to download files from Slack, which requires a Slack API token or similar credential, but the registry metadata and SKILL.md declare no required environment variables or primary credential. The bundled bash script also references a Python downloader and an args helper located in ../shared that are not included in the skill. These missing pieces are not proportionate to the stated purpose and suggest poor packaging or hidden dependencies.
Instruction Scope
SKILL.md instructs the agent to set env vars and run slack_backup.sh only via exec, and to verify SUCCESS output. It does not describe how the script authenticates to Slack (which env var or config to provide). The instructions implicitly rely on external files (../shared/slack_downloader.py and ../shared/slack_args.sh) that the agent will execute or source, but those files are not part of the skill — this extends the skill's runtime scope beyond the provided bundle.
Install Mechanism
There is no install spec (instruction-only), which is low risk by itself, but the included slack_backup.sh executes ../shared/slack_downloader.py and sources ../shared/slack_args.sh. Executing/sourcing code outside the skill bundle (in a parent/shared directory) is a supply-chain risk: the skill will run code not delivered in the package, and there is no provenance or URL given for those files.
Credentials
The skill expects to call the Slack API but declares no required credentials. The script uses environment variables for behavior (LIMIT, MINUTES, NAME_PREFIX, FILE_TYPE) which are fine, but there is no declaration for the Slack token (e.g., SLACK_BOT_TOKEN or SLACK_TOKEN) or how authentication is supplied. Requesting zero env vars while needing an API token is disproportionate and ambiguous.
Persistence & Privilege
The skill is not forced-always and is user-invocable (normal). However, it sources an external script (../shared/slack_args.sh) and runs a Python downloader from ../shared — both actions execute code outside the skill's own directory. That gives the skill the ability to run arbitrary code from shared/system locations, increasing privilege and supply-chain attack surface.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install slack-backup - After installation, invoke the skill by name or use
/slack-backup - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of slack-backup.
- Back up files uploaded to a Slack channel to the local doc/backup directory.
- Supports smart matching: filter by filename prefix/keyword, file type (pdf/video/image), time range, and multiple files.
- Triggered by natural language commands (e.g. "back up the file from Slack", "save the Slack file locally").
- Follows strict rules to ensure file integrity: only uses a shell script, verifies real file download, and strictly reports errors.
Metadata
Frequently Asked Questions
What is Slack Backup?
Back up files uploaded to a Slack channel to the local doc/backup directory. Supports smart matching: multiple files, filename prefix/keyword filter, file ty... It is an AI Agent Skill for Claude Code / OpenClaw, with 368 downloads so far.
How do I install Slack Backup?
Run "/install slack-backup" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Slack Backup free?
Yes, Slack Backup is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Slack Backup support?
Slack Backup is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Slack Backup?
It is built and maintained by caigang78 (@caigang78); the current version is v1.0.0.
More Skills