slack
Fail
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [CREDENTIALS_UNSAFE]: The `slack-token-refresh.sh` script extracts authentication cookies (the `d` cookie) and session tokens (xoxc) from the local Google Chrome installation on macOS.
  - It locates and copies the Chrome `Cookies` database to a temporary directory.
  - It uses AppleScript to extract Slack's `localStorage` tokens from active browser tabs.
- [COMMAND_EXECUTION]: The skill uses high-privilege system commands and scripting interfaces to harvest credentials.
  - Uses `security find-generic-password -s 'Chrome Safe Storage' -w` to programmatically access the macOS Keychain and retrieve the decryption key for the browser's cookie database.
  - Uses `osascript` (AppleScript) to execute JavaScript inside running Google Chrome tabs, which can bypass some browser security boundaries.
- [EXTERNAL_DOWNLOADS]: The skill downloads and executes code from remote repositories at runtime.
  - The `slack-token-refresh.sh` script uses `uvx --from pycookiecheat` to download and run the `pycookiecheat` package from PyPI.
  - The `slack-browser-session.sh` script performs an unversioned `npm install` and `npx playwright install chromium` to download the Playwright framework and the Chromium browser engine.
- [REMOTE_CODE_EXECUTION]: The `playwright-bridge.js` script contains an `execute` function that allows the execution of arbitrary JavaScript code within the browser context using `page.evaluate(input.code)`. This provides a direct path for dynamic code execution of instructions supplied at runtime.
- [DATA_EXFILTRATION]: Extracted authentication secrets (SLACK_XOXC and SLACK_XOXD) are stored in a local environment file at `~/.agents/config/slack/tokens.env`. While local, this makes these sensitive credentials accessible to any process with read access to the user's home directory.
Recommendations
- AI detected serious security threats
Audit Metadata