Slk — Slack CLI工具

Name: Slk — Slack CLI工具
Author: therohitdas

therohitdas

💬 Slk — Slack CLI工具

v1.0.0

通过slk CLI读取、发送、搜索和管理Slack消息和私信。当用户要求检查Slack、阅读频道或私信、发送Slack消息、搜索Slack、检查未读、管理草稿、查看已保存项目或与Slack工作区交互时使用。也用于心跳Slack检查。在'检查Slack'、'任何Slack消息'、'在Slack上发送'、'Slack未读'、'搜索Slack'、'Slack线程'、'在Slack上草稿'、'阅读Slack私信'、'在Slack上发消息'时触发。

0· 1,100·0 当前·0 累计

by @therohitdas·MIT-0

网络工具开发工具

下载技能包

License

MIT-0

最后更新

2026/4/8

安全扫描

VirusTotal

可疑

查看报告

OpenClaw

安全

high confidence

该技能的代码、安装方法和运行时指令与其所述目的（自动提取Slack会话的macOS Slack CLI）匹配——它完全做到了它所说的，不请求无关的凭证，但它必须访问敏感的本地机密（Keychain、Slack cookies、LevelDB），因此安装/使用需要谨慎。

评估建议

此技能似乎就是它声称的那样：一个macOS Slack CLI，自动提取您的Slack会话，因此它可以充当您的用户。这需要读取敏感的本地数据（Keychain、Slack Cookies SQLite、LevelDB）并调用本地工具（security、sqlite3、openssl、python3、curl）。安装之前，考虑：1) 仅在您控制的个人/受信任机器上安装——在共享或托管机器上，这可能暴露会话令牌；2) 优先用'允许'而非'始终允许'回答Keychain提示，以避免静默的未来访问；3) 如果您需要更强的信任，请检查npm包（作者/仓库）并验证其来源；4) 知道创建了令牌缓存（~/.local/slk/token-cache.json）——如果需要，删除它以强制重新提取；5) 如果您计划让自主代理使用此技能，理解它可以像您一样阅读和发送Slack消息（对于个人账户操作，权限很高）。如果以上任何一项不可接受，请不要安装或限制代理权限。...

详细分析 ▾

✓ 用途与能力

该技能是一个macOS Slack CLI，通过从桌面应用提取Slack会话凭证进行自动认证；包、二进制文件和代码（auth.js、api.js、commands.js、drafts.js）都实现该功能。技能所需的任何内容（npm slkcli、'slk'二进制文件）都与所述目的无关。

ℹ 指令范围

SKILL.md和代码指导代理使用slk CLI阅读/发送/搜索/管理Slack消息。实现明确读取macOS Keychain、复制和查询Slack的Cookies SQLite、扫描LevelDB、运行本地命令（sqlite3、security、openssl、python3、curl）以提取和验证会话令牌。这些操作很敏感，但实现'基于会话/充当用户'功能所需，并且在README/SKILL.md中有记录。

ℹ 安装机制

通过公共npm包'slkcli'安装（创建'slk'二进制文件）。npm是Node CLI的标准分发渠道（与无安装相比，中等风险）。不存在任意URL下载或从未知主机提取。如果您需要更强的保证，请审查npm包来源。

✓ 凭证需求

技能不请求环境变量和外部凭证，这是一致的。然而，它访问高度敏感的本地工件（来自Keychain的Slack安全存储密钥、Slack Cookies DB、LevelDB会话数据），因为它有意设计为通过会话令牌充当用户。该访问与所述能力相称，但与大多数CLI工具相比，敏感性显著提高。

ℹ 持久化与权限

技能不设置always:true，可由用户调用。它在~/.local/slk/token-cache.json写入令牌缓存，并且会提示macOS Keychain。README警告'Always Allow' Keychain选项——选择该选项会删除用户提示，允许任何以您用户身份运行的进程提取相同密钥，增加风险。自主调用结合令牌访问会增加影响范围（对于此类工具是预期的）。

安全有层次，运行前请审查代码。

License

MIT-0

可自由使用、修改和再分发，无需署名。

查看条款 ↗

运行时依赖

🖥️ OSmacOS

版本

latestv1.0.02026/2/11

macOS的Slack CLI技能初始版本。- 直接通过slk CLI阅读、发送、搜索和管理Slack消息和私信。- 支持Slack频道和私信阅读、发送消息、搜索、检查未读、管理草稿、已保存项目和查看线程。- 基于会话的认证：使用macOS Keychain从Slack桌面应用自动提取用户会话（无需令牌或OAuth）。- 专为个人代理工作流和心跳检查设计，具有广泛的命令选项。- 仅macOS；使用用户权限和会话行事。

● 可疑

安装命令点击复制

官方npx clawhub@latest install slk

镜像加速npx clawhub@latest install slk --registry https://cn.clawhub-mirror.com

技能文档

Session-based Slack CLI for macOS. Auto-authenticates from the Slack desktop app — no tokens, no OAuth, no app installs. Acts as your user (xoxc- session tokens).

Commands

# Auth slk auth # Test authentication, show user/team # Read slk channels # List channels (alias: ch) slk dms # List DM conversations with IDs (alias: dm) slk read [count] # Read recent messages, default 20 (alias: r) slk read @username [count] # Read DMs by username slk read --threads # Auto-expand all threads slk read --from 2026-02-01 # Date range filter slk thread [count] # Read thread replies, default 50 (alias: t) slk search [count] # Search messages across workspace slk users # List workspace users (alias: u) # Activity slk activity # All channels with unread/mention counts (alias: a) slk unread # Only unreads, excludes muted (alias: ur) slk starred # VIP users + starred items (alias: star) slk saved [count] [--all] # Saved for later items (alias: sv) slk pins # Pinned items in a channel (alias: pin) # Write slk send # Send a message (alias: s) slk react # React to a message

# Drafts (synced to Slack editor UI) slk draft # Draft a channel message slk draft thread # Draft a thread reply slk draft user # Draft a DM slk drafts # List active drafts slk draft drop # Delete a draft

Channel accepts name (general), ID (C08A8AQ2AFP), @username for DMs, or user ID (U07RQTFCLUC).

Auth

Automatic — extracts session token from Slack desktop app's LevelDB + decrypts cookie from macOS Keychain.

第一个 run: macOS 将 show Keychain 对话框 asking 到 allow access 到 "Slack Safe Storage":

Allow — one-时间 access, prompted again 下一个时间
Always Allow — permanent, 否 future prompts (convenient 但是任何 process running 作为用户可以 extract credentials silently)
Deny — blocks access, slk cannot 认证

令牌缓存: ~/.local/slk/令牌-缓存.json — auto-validated, auto-refreshed 在...上 invalid_auth.

If auth fails (token rotated, Slack logged out):

rm ~/.local/slk/token-cache.json
slk auth

Slack desktop app must be installed and logged in. Does not need to be running if token is cached.

Reading Threads

Threads require a Slack timestamp. Use --ts to get it, then read the thread:

slk read general 10 --ts
# Output: [1/30/2026, 11:41 AM ts:1769753479.788949] User [3 replies]: ...slk thread general 1769753479.788949

Agent Workflow Examples

Heartbeat/cron unread check — slk unread → slk 读取 对于 channels 需要 attention
保存 & pick up — Human saves threads 在...中 Slack ("保存对于 later"). Agent runs slk saved 期间 heartbeat, reads 满 threads 带有 slk thread, summarizes 或 extracts action items
Daily channel digest — slk 读取 100 穿过键 channels → compile decisions, 打开 questions, action items → slk 发送 daily-digest "📋 ..."
Weekly DM summary — slk 读取 @boss 200 --从 2026-02-01 --threads → extract action items, decisions, context
Thread monitoring — Watch specific threads 对于新的 replies (incidents, PR reviews, decisions)
Draft 对于 human review — slk draft "..." posts 到 Slack's editor UI 对于 human 到 review 之前 sending
搜索-driven context — slk 搜索 "deployment process" 或 slk pins 到拉取 context 之前 answering questions

Limitations

macOS 仅 — uses Keychain + Electron storage paths
会话-based — acts 作为用户, 不 bot. mindful 的什么您发送
Draft drop 可能失败带有 draft_has_conflict 如果 Slack 有 conversation 打开
会话令牌 expires 在...上登出 — keep Slack app running 或 rely 在...上 cached 令牌

Missing Features & Issues

Create PR or Report Issue at: https://github.com/therohitdas/slkcli

Session-based Slack CLI for macOS. Auto-authenticates from the Slack desktop app — no tokens, no OAuth, no app installs. Acts as your user (xoxc- session tokens).

Commands

# Auth slk auth # Test authentication, show user/team # Read slk channels # List channels (alias: ch) slk dms # List DM conversations with IDs (alias: dm) slk read [count] # Read recent messages, default 20 (alias: r) slk read @username [count] # Read DMs by username slk read --threads # Auto-expand all threads slk read --from 2026-02-01 # Date range filter slk thread [count] # Read thread replies, default 50 (alias: t) slk search [count] # Search messages across workspace slk users # List workspace users (alias: u) # Activity slk activity # All channels with unread/mention counts (alias: a) slk unread # Only unreads, excludes muted (alias: ur) slk starred # VIP users + starred items (alias: star) slk saved [count] [--all] # Saved for later items (alias: sv) slk pins # Pinned items in a channel (alias: pin) # Write slk send # Send a message (alias: s) slk react # React to a message

# Drafts (synced to Slack editor UI) slk draft # Draft a channel message slk draft thread # Draft a thread reply slk draft user # Draft a DM slk drafts # List active drafts slk draft drop # Delete a draft

Channel accepts name (general), ID (C08A8AQ2AFP), @username for DMs, or user ID (U07RQTFCLUC).

Auth

Automatic — extracts session token from Slack desktop app's LevelDB + decrypts cookie from macOS Keychain.

First run: macOS will show a Keychain dialog asking to allow access to "Slack Safe Storage":

Allow — one-time access, prompted again next time
Always Allow — permanent, no future prompts (convenient but any process running as your user can extract credentials silently)
Deny — blocks access, slk cannot authenticate

Token cache: ~/.local/slk/token-cache.json — auto-validated, auto-refreshed on invalid_auth.

If auth fails (token rotated, Slack logged out):

rm ~/.local/slk/token-cache.json
slk auth

Slack desktop app must be installed and logged in. Does not need to be running if token is cached.

Reading Threads

Threads require a Slack timestamp. Use --ts to get it, then read the thread:

slk read general 10 --ts
# Output: [1/30/2026, 11:41 AM ts:1769753479.788949] User [3 replies]: ...slk thread general 1769753479.788949

Agent Workflow Examples

Heartbeat/cron unread check — slk unread → slk read for channels that need attention
Save & pick up — Human saves threads in Slack ("Save for later"). Agent runs slk saved during heartbeat, reads full threads with slk thread, summarizes or extracts action items
Daily channel digest — slk read 100 across key channels → compile decisions, open questions, action items → slk send daily-digest "📋 ..."
Weekly DM summary — slk read @boss 200 --from 2026-02-01 --threads → extract action items, decisions, context
Thread monitoring — Watch specific threads for new replies (incidents, PR reviews, decisions)
Draft for human review — slk draft "..." posts to Slack's editor UI for human to review before sending
Search-driven context — slk search "deployment process" or slk pins to pull context before answering questions

Limitations

macOS only — uses Keychain + Electron storage paths
Session-based — acts as your user, not a bot. Be mindful of what you send
Draft drop may fail with draft_has_conflict if Slack has that conversation open
Session token expires on logout — keep Slack app running or rely on cached token

Missing Features & Issues

Create PR or Report Issue at: https://github.com/therohitdas/slkcli

数据来源：ClawHub ↗ · 中文优化：龙虾技能库

OpenClaw 技能定制 / 插件定制 / 私有工作流定制

免费技能或插件可能存在安全风险，如需更匹配、更安全的方案，建议联系付费定制

了解定制服务

License

运行时依赖

版本

安装命令 点击复制

技能文档

Commands

Auth

Reading Threads

Agent Workflow Examples

Limitations

Missing Features & Issues

Commands

Auth

Reading Threads

Agent Workflow Examples

Limitations

Missing Features & Issues

安装命令点击复制