therohitdas

Slk

Author: Rohit Das · GitHub ↗ · v0.1.7
darwin ⚠ suspicious
Total downloads: 2867
Favorites: 2
Current installs: 8
Versions: 5
Install in OpenClaw
/install slack-personal
Description
Read, send, search, and manage Slack messages and DMs via the slk CLI. Use when the user asks to check Slack, read channels or DMs, send Slack messages, search Slack, check unreads, manage drafts, view saved items, or interact with Slack workspace. Also use for heartbeat Slack checks. Triggers on "check slack", "any slack messages", "send on slack", "slack unreads", "search slack", "slack threads", "draft on slack", "read slack dms", "message on slack".
Safe usage recommendations
This package is functionally what it says: a macOS Slack CLI that auto-extracts your session token from the Slack desktop app (Keychain + cookies + LevelDB) and then acts with your user privileges. Before installing:
- Understand the sensitivity: the tool extracts session tokens that let it act as you (xoxc- tokens). That is required for its design, but it is powerful — any message-sending or reading capabilities are performed as your user.
- Expect macOS prompts: on first run macOS will prompt Keychain access for 'Slack Safe Storage'. Choosing 'Always Allow' makes future extractions silent; prefer 'Allow' if you want visibility into each access.
- Check system dependencies: the code invokes security, sqlite3, openssl, python3 and curl. Confirm these binaries are present and trustworthy on your machine. The skill metadata only lists the slk binary, so the package omission is a packaging issue.
- Validate the npm package & author: inspect the package contents, README, and the npm/github project (verify repository and publisher) before installing; if you need organizational approval, get it first.
- Consider alternatives: use an official Slack bot token or OAuth app with limited scopes if you want agent access with auditable, revocable credentials rather than extracting your user session.
Given the sensitive operations and the mismatch between declared and actually-required system tools, treat this as suspicious until you verify the package source and are comfortable with session-token extraction.
Functional analysis
Type: OpenClaw Skill
Name: slack-personal
Version: 0.1.7
The skill is classified as suspicious due to its transparent but high-risk method of extracting Slack session credentials (xoxc- token and xoxd- cookie) from the macOS Keychain, Slack's LevelDB, and SQLite databases. This involves executing system commands like `security`, `sqlite3`, `openssl`, `python3`, and `curl` via `child_process.execSync` and `child_process.spawnSync` in `src/auth.js`. While the code's intent is to enable a legitimate Slack CLI for the local user and it explicitly warns about the security implications of 'Always Allow' for Keychain access in `README.md` and `SKILL.md`, the powerful system interactions for credential access represent a significant attack surface and potential vulnerability if the tool were compromised or misused. There is no evidence of intentional data exfiltration to unauthorized endpoints, persistence mechanisms, or malicious prompt injection against the AI agent in the documentation.
Capability assessment
Purpose & Capability
Name/description (Slack CLI to read/send/search Slack as the user) aligns with the code and runtime behavior: the package auto-extracts session tokens from Slack desktop app and calls Slack API endpoints to read/send messages, manage drafts, search, etc.
Instruction Scope
SKILL.md instructs agents to use the slk CLI for reads, sends, searches and heartbeat checks. The instructions are explicit about the tool extracting session tokens from Keychain/LevelDB and about token caching. The skill grants an agent discretion to run recurring 'heartbeat' checks (unread monitoring) which will repeatedly read user messages — this is expected for an agent-facing Slack CLI but is sensitive and worth explicitly consenting to.
Install Mechanism
Install is via the npm package 'slkcli' (registry), which is a normal package-based install; no arbitrary URL downloads or archive extraction are used. Source files are included in the package manifest, not fetched from a personal server.
Credentials
The skill requests no environment variables, which is coherent, but the runtime code invokes several system utilities (macOS 'security', 'sqlite3' via sqlite3 CLI, 'openssl', 'python3', and 'curl') to extract/decrypt cookies and validate tokens. The skill metadata only declares the 'slk' binary as required, so the additional required system tools are not explicitly listed — this mismatch is a packaging/manifest omission. Also, the code reads Keychain, Slack cookie DB, and LevelDB (user session credentials). Those accesses are necessary for the stated session-based auth behavior but are highly sensitive (they extract session tokens that act as your user).
Persistence & Privilege
The skill does not request always:true and does not modify other skills. It caches tokens to ~/.local/slk/token-cache.json (expected). It spawns helper processes and writes temporary files during decryption but generally cleans them up; token cache is local to the user.
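How to use
  1. Make sure OpenClaw is installed (locally or via Docker)
  2. Enter the install command in the chat box: /install slack-personal
  3. Once installation completes, call the Skill by name or trigger it with /slack-personal
  4. Provide the required input according to the Skill's parameter description to get structured output
Version history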
v0.1.7
- Added user-invocable property to the skill manifest.
- Updated metadata field provider from "moltbot" to "openclaw".
v0.1.6
Add DM support (slk dms, slk read @username), date range filter (--from/--to), thread auto-expansion (--threads)
v0.1.4
Expanded triggers and improved documentation for usage and workflow examples.
- Added "slack threads" and "draft on slack" to the list of skill triggers for greater coverage.
- Enhanced the SKILL.md with more detailed explanations, including sample workflows and thread reading instructions.
- Improved usage instructions for authentication and clarified macOS Keychain prompts.
- Extended examples for common agent workflows, such as unread checks, digest creation, and draft management.
- Updated limitations and troubleshooting guidance.
- No code changes; documentation and usage improvements only.
v0.1.3
- Initial public release as slack-personal (previously "slk"), now with metadata and improved skill description.
- Added automatic triggers for common Slack-related phrases (e.g., "check slack", "send on slack").
- Published on npm with install, platform, and binary requirements specified for easier setup.
- Documentation updated for clarity, with concise instructions for authentication, usage, and troubleshooting.
- Maintains full support for reading, sending, searching, and managing Slack messages via slk CLI on macOS.
v0.1.2
slk v0.1.2 — CLI for Slack messaging and management on macOS via the running Slack desktop app.
- Adds detailed command documentation for reading, searching, and sending Slack messages from the CLI.
- Introduces heartbeat and draft management features with step-by-step usage notes.
- Outlines secure, auto-authenticated session flow leveraging macOS Keychain and Slack desktop app data.
- Notes limitations: macOS and Slack app required, some draft limitations, and session expiry behavior.
- Clarifies workflow for managing unreads, saved items, pins, VIPs, and app authentication troubleshooting.
Metadata
Slug slack-personal
Version 0.1.7
License
Total installs 8
Current installs 8
Number of versions 5
FAQ

What is Slk?

Read, send, search, and manage Slack messages and DMs via the slk CLI. Use when the user asks to check Slack, read channels or DMs, send Slack messages, search Slack, check unreads, manage drafts, view saved items, or interact with Slack workspace. Also use for heartbeat Slack checks. Triggers on "check slack", "any slack messages", "send on slack", "slack unreads", "search slack", "slack threads", "draft on slack", "read slack dms", "message on slack". It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 2867 total downloads to date.

How do I install Slk?

Run the command "/install slack-personal" in the OpenClaw or Claude Code chat box for a one-step install; no additional configuration is required.

Is Slk free?

Yes, Slk is completely free (free and open source) and can be freely downloaded, installed, and used.

Which platforms does Slk support?

Slk runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (darwin).

Who developed Slk?

Developed and maintained by Rohit Das (@therohitdas); the current version is v0.1.7.
