slack
Audited by Socket on Feb 16, 2026
1 alert found:
Malware [Skill Scanner]: Instruction to copy/paste content into terminal detected

All findings:
  [CRITICAL] command_injection: Instruction to copy/paste content into terminal detected (CI012) [AITech 9.1.4]
  [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]

This skill's features and commands match its stated purpose and appear functional and internally consistent. However, it requires users to extract and store sensitive browser session tokens (xoxc and xoxd) in plaintext config files, which raises both supply-chain and local security risk. There is no evidence in the provided text of hidden exfiltration or obfuscated malicious code; the primary concerns are user-facing: credential handling, lack of secure storage guidance, and an external update check (skills.sh) that could be a supply-chain vector if the updater is not trusted. Recommend treating the tokens as secrets (restrict file permissions, avoid committing them to version control, prefer OAuth/bot tokens where possible) and reviewing the trustworthiness of the update mechanism before use.

LLM verification: The skill enables legitimate Slack interactions but relies on an insecure and unusual credential acquisition pattern: extracting browser session tokens and cookies manually and storing them in plaintext. This presents significant credential-exposure risk and grants broad impersonation ability if the local script or filesystem is compromised. While the provided material does not show explicit exfiltration or malicious code, the operational design is high-risk. Recommend: do not use this approach