Total downloads: 1630
Favorites: 1
Current installs: 0
Versions: 1
Install in OpenClaw
/install slack-hub-skill
Description
Send messages, reply in threads, search workspace content, and list public channels using Slack Bot integration with rate-limit handling.
Security usage recommendations
This skill implements Slack messaging/search and needs a SLACK_BOT_TOKEN, but the package metadata doesn't declare that requirement and there are a few inconsistencies you should resolve before installing:
- Confirm the SLACK_BOT_TOKEN: the code reads SLACK_BOT_TOKEN from the environment. Only provide a token with the minimal scopes required (e.g., chat:write, search:read, channels:read) and avoid full admin tokens. Understand that a token with broad scopes can read private channels and post messages.
- .env vs environment: SKILL.md asks you to put the token in a .env file, but the code doesn't load .env. Ensure your runtime will load that file (or set the env var securely in the agent environment) rather than leaving secrets in an unprotected file.
- Dependency/install: skill.json lists 'requests' but there is no install spec. Make sure the runtime includes the requests package or install it in an isolated environment before use.
- Claims vs implementation: SKILL.md claims rate-limit handling and threading support; the code does not implement explicit rate-limit backoff logic and threading is only included insofar as chat.postMessage accepts thread_ts. Ask the author to clarify or update the code/README.
- Review token scopes and audit: inspect or run the code in an isolated environment (or read the source, which appears to call only slack.com endpoints) and verify no external endpoints aside from slack.com are used. If you proceed, rotate the bot token afterward and monitor Slack app activity/logs.
If the author can correct the metadata (declare SLACK_BOT_TOKEN as a required credential), add clear install steps for dependencies, and either implement or remove the claimed rate-limit handling, this package would be internally coherent. Until then, treat it as suspicious and verify details before granting it a production token.
Functional analysis
Type: OpenClaw Skill
Name: slack-hub-skill
Version: 0.1.0
The OpenClaw skill bundle for Slack integration is classified as benign. All files, including `SKILL.md`, `slack_hub.py`, and `skill.json`, align with the stated purpose of providing Slack messaging and search capabilities. The `slack_hub.py` script correctly retrieves the `SLACK_BOT_TOKEN` from environment variables and makes network requests exclusively to the official Slack API (https://slack.com/api). The `skill.json` file explicitly declares the necessary 'network' and 'env_vars' permissions, which are justified by the code's functionality. There is no evidence of prompt injection attempts in `SKILL.md`, unauthorized data exfiltration, malicious execution, persistence mechanisms, or obfuscation.
Capability assessment
Purpose & Capability
The name, SKILL.md, and slack_hub.py all implement a Slack integration (sending messages, searching, listing channels) which is consistent with the stated purpose — but the registry metadata at the top of the package declares no required env vars while both SKILL.md and the code require a SLACK_BOT_TOKEN. That mismatch should be resolved.
Instruction Scope
SKILL.md instructs storing SLACK_BOT_TOKEN in a .env file and promises rate-limit handling. The code does read SLACK_BOT_TOKEN via os.getenv (so it needs the env var), but there is no .env loader in the code (e.g., python-dotenv) and there is no actual rate-limit handling implemented. The instructions also imply access to workspace searches and channel lists; the code will call Slack endpoints and — depending on token scopes — could access private channels. These mismatches are scope/behavior inconsistencies that could lead to unexpected credential placement or overprivileged access.
Install Mechanism
This is instruction-only (no install spec). skill.json lists 'requests' as a dependency, but there is no install step or packaging guidance. That means the runtime must already provide the requests package; otherwise the skill will fail. Not an immediate security red flag, but an operational hole that should be fixed.
Credentials
The code requires a single sensitive credential (SLACK_BOT_TOKEN) which is appropriate for a Slack integration. However, the package metadata (registry summary) does not declare this requirement even though skill.json includes env_vars in permissions and SKILL.md explicitly requires the token. The token grants the skill the ability to read/search and post on behalf of the bot — if the token has broad scopes it could access private channels or send messages. The requested secret is proportionate for Slack, but the lack of clear declaration and guidance about minimal scopes is concerning.
Persistence & Privilege
No 'always: true' and model invocation is not disabled, which is expected and appropriate. The skill does not attempt to modify other skill configs or request permanent system-wide presence.
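How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: `/install slack-hub-skill`
- Once installation completes, call the Skill by name or use `/slack-hub-skill` to trigger it
- Provide the required input according to the Skill's parameter description to get structured output
Version history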
v0.1.0
Initial release of Slack Hub Skill for OpenClaw:
- Professional Slack integration with messaging, threading, and workspace-wide search.
- Send messages to channels or users, including threaded replies.
- Search messages or files across the workspace.
- List all public channels in the workspace.
- Handles Slack API rate limiting for high-volume environments.
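Metadata
FAQ
What is Slack Hub Skill?
Send messages, reply in threads, search workspace content, and list public channels using Slack Bot integration with rate-limit handling. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 1630 cumulative downloads to date.
How do I install Slack Hub Skill?
Run the command "/install slack-hub-skill" in the OpenClaw or Claude Code chat box for one-click installation; no additional configuration is required.
Is Slack Hub Skill free?
Yes, Slack Hub Skill is completely free (open source and free of charge) and can be freely downloaded, installed and used.
Which platforms does Slack Hub Skill support?
Slack Hub Skill is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Slack Hub Skill?
It is developed and maintained by IcyFrosty (@icyfrosty); the current version is v0.1.0.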