Slk — Slack个人工具

Name: Slk — Slack个人工具
Rating: 1 (2 reviews)
Author: therohitdas

therohitdas

💬 Slk — Slack个人工具

v0.1.7

通过slk CLI读取、发送、搜索和管理Slack消息和私信。当用户要求检查Slack、阅读频道或私信、发送Slack消息、搜索Slack、检查未读、管理草稿、查看已保存项目或与Slack工作区交互时使用。也用于Slack心跳检查。在'check slack'、'any slack messages'、'send on slack'、'slack unreads'、'search slack'、'slack threads'、'draft on slack'、'read slack dms'、'message on slack'时触发。

2· 2,700·8 当前·8 累计

by @therohitdas·MIT-0

网络工具开发工具

下载技能包

License

MIT-0

最后更新

2026/4/8

安全扫描

VirusTotal

可疑

查看报告

OpenClaw

可疑

medium confidence

该技能的代码和指令大体与从Slack桌面应用自动提取会话凭证的Slack CLI一致（此功能需要），但有一些不匹配和敏感操作（Keychain/cookie/LevelDB提取、外部系统命令），您应在安装前了解这些。

评估建议

此包在功能上就是它所说的那样：一个macOS Slack CLI，从Slack桌面应用自动提取您的会话令牌（Keychain + cookies + LevelDB），然后以您的用户权限行事。在安装之前：- 理解敏感性：该工具提取会话令牌，让它以您的身份行事（xoxc-令牌）。这是其设计所必需的，但它很强大——任何消息发送或阅读能力都以您的用户身份执行。- 预期macOS提示：首次运行时macOS会提示访问'Slack Safe Storage'的Keychain。选择'Always Allow'使未来提取静默进行；如果您希望每次访问都可见，选择'Allow'。- 检查系统依赖：代码调用security、sqlite3、openssl、python3和curl。确认这些二进制文件在您的机器上存在且可信。技能元数据仅列出slk二进制文件，因此包遗漏是打包问题。- 验证npm包和作者：在安装之前检查包内容、README和npm/github项目（验证存储库和发布者）；如果您需要组织批准，先获得它。- 考虑替代方案：如果您希望代理访问具有可审计、可撤销的凭证，而不是提取您的用户会话，请使用官...

详细分析 ▾

✓ 用途与能力

名称/描述（Slack CLI以用户身份读取/发送/搜索Slack）与代码和运行时行为一致：包从Slack桌面应用自动提取会话令牌，并调用Slack API端点来读取/发送消息、管理草稿、搜索等。

ℹ 指令范围

SKILL.md指导代理使用slk CLI进行读取、发送、搜索和心跳检查。指令明确说明工具从Keychain/LevelDB提取会话令牌以及令牌缓存。该技能授予代理酌情权运行重复的'心跳'检查（未读监控），这将反复读取用户消息——这对于面向代理的Slack CLI是预期的，但很敏感，值得明确同意。

✓ 安装机制

安装通过npm包'slkcli'（注册表），这是正常的基于包的安装；不使用任意URL下载或存档提取。源文件包含在包清单中，不从个人服务器获取。

⚠ 凭证需求

该技能不请求环境变量，这是一致的，但运行时代码调用几个系统实用程序（macOS 'security'、通过sqlite3 CLI的'sqlite3'、'openssl'、'python3'和'curl'）来提取/解密cookie并验证令牌。技能元数据仅声明'slk'二进制文件为所需，因此未明确列出其他所需系统工具——这种不匹配是打包/清单遗漏。此外，代码读取Keychain、Slack cookie DB和LevelDB（用户会话凭证）。这些访问对于所述的基于会话的认证行为是必要的，但高度敏感（它们提取以您用户身份行事的会话令牌）。

✓ 持久化与权限

该技能不请求always:true，不修改其他技能。它将令牌缓存到~/.local/slk/token-cache.json（预期）。它在解密期间生成辅助进程并写入临时文件，但通常会清理它们；令牌缓存对用户是本地的。

安全有层次，运行前请审查代码。

License

MIT-0

可自由使用、修改和再分发，无需署名。

查看条款 ↗

运行时依赖

🖥️ OSmacOS

版本

latestv0.1.72026/1/31

- 向技能清单添加了user-invocable属性。- 将metadata字段provider从'moltbot'更新为'openclaw'。

● 可疑

安装命令点击复制

官方npx clawhub@latest install slack-personal

镜像加速npx clawhub@latest install slack-personal --registry https://cn.clawhub-mirror.com

技能文档

Session-based Slack CLI for macOS. Auto-authenticates from the Slack desktop app — no tokens, no OAuth, no app installs. Acts as your user (xoxc- session tokens).

Commands

# Auth slk auth # Test authentication, show user/team # Read slk channels # List channels (alias: ch) slk dms # List DM conversations with IDs (alias: dm) slk read [count] # Read recent messages, default 20 (alias: r) slk read @username [count] # Read DMs by username slk read --threads # Auto-expand all threads slk read --from 2026-02-01 # Date range filter slk thread [count] # Read thread replies, default 50 (alias: t) slk search [count] # Search messages across workspace slk users # List workspace users (alias: u) # Activity slk activity # All channels with unread/mention counts (alias: a) slk unread # Only unreads, excludes muted (alias: ur) slk starred # VIP users + starred items (alias: star) slk saved [count] [--all] # Saved for later items (alias: sv) slk pins # Pinned items in a channel (alias: pin) # Write slk send # Send a message (alias: s) slk react # React to a message

# Drafts (synced to Slack editor UI) slk draft # Draft a channel message slk draft thread # Draft a thread reply slk draft user # Draft a DM slk drafts # List active drafts slk draft drop # Delete a draft

Channel accepts name (general), ID (C08A8AQ2AFP), @username for DMs, or user ID (U07RQTFCLUC).

Auth

Automatic — extracts session token from Slack desktop app's LevelDB + decrypts cookie from macOS Keychain.

第一个 run: macOS 将 show Keychain 对话框 asking 到 allow access 到 "Slack Safe Storage":

Allow — one-时间 access, prompted again 下一个时间
Always Allow — permanent, 否 future prompts (convenient 但是任何 process running 作为用户可以 extract credentials silently)
Deny — blocks access, slk cannot 认证

令牌缓存: ~/.local/slk/令牌-缓存.json — auto-validated, auto-refreshed 在...上 invalid_auth.

If auth fails (token rotated, Slack logged out):

rm ~/.local/slk/token-cache.json
slk auth

Slack desktop app must be installed and logged in. Does not need to be running if token is cached.

Reading Threads

Threads require a Slack timestamp. Use --ts to get it, then read the thread:

slk read general 10 --ts
# Output: [1/30/2026, 11:41 AM ts:1769753479.788949] User [3 replies]: ...slk thread general 1769753479.788949

Agent Workflow Examples

Heartbeat/cron unread check — slk unread → slk 读取 对于 channels 需要 attention
保存 & pick up — Human saves threads 在...中 Slack ("保存对于 later"). Agent runs slk saved 期间 heartbeat, reads 满 threads 带有 slk thread, summarizes 或 extracts action items
Daily channel digest — slk 读取 100 穿过键 channels → compile decisions, 打开 questions, action items → slk 发送 daily-digest "📋 ..."
Weekly DM summary — slk 读取 @boss 200 --从 2026-02-01 --threads → extract action items, decisions, context
Thread monitoring — Watch specific threads 对于新的 replies (incidents, PR reviews, decisions)
Draft 对于 human review — slk draft "..." posts 到 Slack's editor UI 对于 human 到 review 之前 sending
搜索-driven context — slk 搜索 "deployment process" 或 slk pins 到拉取 context 之前 answering questions

Limitations

macOS 仅 — uses Keychain + Electron storage paths
会话-based — acts 作为用户, 不 bot. mindful 的什么您发送
Draft drop 可能失败带有 draft_has_conflict 如果 Slack 有 conversation 打开
会话令牌 expires 在...上登出 — keep Slack app running 或 rely 在...上 cached 令牌

Missing Features & Issues

Create PR or Report Issue at: https://github.com/therohitdas/slkcli

Session-based Slack CLI for macOS. Auto-authenticates from the Slack desktop app — no tokens, no OAuth, no app installs. Acts as your user (xoxc- session tokens).

Commands

# Auth slk auth # Test authentication, show user/team # Read slk channels # List channels (alias: ch) slk dms # List DM conversations with IDs (alias: dm) slk read [count] # Read recent messages, default 20 (alias: r) slk read @username [count] # Read DMs by username slk read --threads # Auto-expand all threads slk read --from 2026-02-01 # Date range filter slk thread [count] # Read thread replies, default 50 (alias: t) slk search [count] # Search messages across workspace slk users # List workspace users (alias: u) # Activity slk activity # All channels with unread/mention counts (alias: a) slk unread # Only unreads, excludes muted (alias: ur) slk starred # VIP users + starred items (alias: star) slk saved [count] [--all] # Saved for later items (alias: sv) slk pins # Pinned items in a channel (alias: pin) # Write slk send # Send a message (alias: s) slk react # React to a message

# Drafts (synced to Slack editor UI) slk draft # Draft a channel message slk draft thread # Draft a thread reply slk draft user # Draft a DM slk drafts # List active drafts slk draft drop # Delete a draft

Channel accepts name (general), ID (C08A8AQ2AFP), @username for DMs, or user ID (U07RQTFCLUC).

Auth

Automatic — extracts session token from Slack desktop app's LevelDB + decrypts cookie from macOS Keychain.

First run: macOS will show a Keychain dialog asking to allow access to "Slack Safe Storage":

Allow — one-time access, prompted again next time
Always Allow — permanent, no future prompts (convenient but any process running as your user can extract credentials silently)
Deny — blocks access, slk cannot authenticate

Token cache: ~/.local/slk/token-cache.json — auto-validated, auto-refreshed on invalid_auth.

If auth fails (token rotated, Slack logged out):

rm ~/.local/slk/token-cache.json
slk auth

Slack desktop app must be installed and logged in. Does not need to be running if token is cached.

Reading Threads

Threads require a Slack timestamp. Use --ts to get it, then read the thread:

slk read general 10 --ts
# Output: [1/30/2026, 11:41 AM ts:1769753479.788949] User [3 replies]: ...slk thread general 1769753479.788949

Agent Workflow Examples

Heartbeat/cron unread check — slk unread → slk read for channels that need attention
Save & pick up — Human saves threads in Slack ("Save for later"). Agent runs slk saved during heartbeat, reads full threads with slk thread, summarizes or extracts action items
Daily channel digest — slk read 100 across key channels → compile decisions, open questions, action items → slk send daily-digest "📋 ..."
Weekly DM summary — slk read @boss 200 --from 2026-02-01 --threads → extract action items, decisions, context
Thread monitoring — Watch specific threads for new replies (incidents, PR reviews, decisions)
Draft for human review — slk draft "..." posts to Slack's editor UI for human to review before sending
Search-driven context — slk search "deployment process" or slk pins to pull context before answering questions

Limitations

macOS only — uses Keychain + Electron storage paths
Session-based — acts as your user, not a bot. Be mindful of what you send
Draft drop may fail with draft_has_conflict if Slack has that conversation open
Session token expires on logout — keep Slack app running or rely on cached token

Missing Features & Issues

Create PR or Report Issue at: https://github.com/therohitdas/slkcli

数据来源：ClawHub ↗ · 中文优化：龙虾技能库

OpenClaw 技能定制 / 插件定制 / 私有工作流定制

免费技能或插件可能存在安全风险，如需更匹配、更安全的方案，建议联系付费定制

了解定制服务

License

运行时依赖

版本

安装命令 点击复制

技能文档

Commands

Auth

Reading Threads

Agent Workflow Examples

Limitations

Missing Features & Issues

Commands

Auth

Reading Threads

Agent Workflow Examples

Limitations

Missing Features & Issues

安装命令点击复制