Risk Assessment for Slack Applications

Discover how to evaluate the security risks associated with Slack Applications and how to protect your company's data.

Written By Davit Asatryan (Administrator)

Updated at August 8th, 2023

Risk Assessment for Slack gives administrators an understanding of all 3rd party applications connected to their Slack workspaces.

The reality with Slack is that once one user connects an application to Slack, all other users within the workspace are also able to utilize it. If there is no set process to inventory, assess and manage applications, organizations may face data leak and loss issues.

Let's see how the SpinOne platform can help!

 

Visibility & Inventory

SpinOne will automatically detect and inventory all 3rd party applications connected to Slack. This is not limited to a single workspace: multiple workspaces can be combined to view an aggregated list on one platform.

The list of applications provides a lot of useful information, and we've highlighted some key parts:

  1. Name - application name as stated by the developer
  2. Category - category of application
  3. Risk Score & Status - SpinOne's assessment score out of 100. A green indicator marks active applications, whereas gray marks inactive ones
  4. Type - identifies the type of Slack application, and whether it is from the Slack app directory
  5. Workspaces - the number of workspaces the application is installed in
  6. Access last granted - last time the application had access to the workspace

 

Assessment

Each application receives an assessment score from 1 - 100. The breakdown of scores is:

  • High risk: 1 - 35
  • Medium risk: 36 - 65
  • Low risk: 66 - 100

To see more information and understand why an application has received a specific score, click on the app to open up the assessment profile.

 

Immediately, you'll notice a quick overview of the application along with links to the developer's homepage and marketplace listing, and also 4 sections:

  • Scope of permissions - list of all permissions requested by the application
  • Business Operation Risk - possible operational risk from using the application
  • Security Risk - potential of an application to become the source of a sensitive data breach or cyberattack
  • Compliance Risk - application's compliance with common data protection regulations

You can open each section to see all the factors that are taken into consideration for SpinOne's assessment of each application.

 

You can also head to the Workspaces tab of each application to see which Slack Workspaces it is connected to.

 

Now you will have full visibility and assessment capabilities for your Slack 3rd party applications. Start to use this information and generate reports to drive business decisions on applications that need to be blocklisted or allowlisted.
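
As an added example (not SpinOne code, and not a SpinOne export format), the sketch below merges per-workspace inventory rows into one aggregated list, applies the score bands above, and builds a review queue for blocklist/allowlist decisions. The record fields and app names are constructed assumptions that mirror the list columns described earlier.

```python
from datetime import date

# Constructed sample rows, one per (workspace, app). Field names mirror the
# list columns described above; they are assumptions, not a SpinOne format.
RECORDS = [
    {"workspace": "eng", "name": "NotesSync", "score": 28, "active": True,
     "directory": False, "last_granted": date(2023, 7, 30)},
    {"workspace": "sales", "name": "NotesSync", "score": 28, "active": True,
     "directory": False, "last_granted": date(2023, 8, 2)},
    {"workspace": "eng", "name": "CalendarLink", "score": 40, "active": True,
     "directory": True, "last_granted": date(2023, 8, 1)},
    {"workspace": "eng", "name": "BuildBot", "score": 71, "active": True,
     "directory": True, "last_granted": date(2023, 8, 1)},
    {"workspace": "sales", "name": "PollMaker", "score": 52, "active": False,
     "directory": True, "last_granted": date(2022, 11, 15)},
]

def risk_band(score):
    """Map a 1-100 score to the article's bands (lower score = higher risk)."""
    if not 1 <= score <= 100:
        raise ValueError(f"score out of range: {score}")
    return "High" if score <= 35 else "Medium" if score <= 65 else "Low"

def aggregate(records):
    """Merge per-workspace rows into one entry per application."""
    apps = {}
    for r in records:
        app = apps.setdefault(r["name"], {
            "name": r["name"], "score": r["score"], "workspaces": set(),
            "active": False, "directory": r["directory"],
            "last_granted": r["last_granted"]})
        app["workspaces"].add(r["workspace"])
        app["score"] = min(app["score"], r["score"])  # keep the riskiest score
        app["active"] = app["active"] or r["active"]  # active anywhere counts
        app["last_granted"] = max(app["last_granted"], r["last_granted"])
    for app in apps.values():
        app["band"] = risk_band(app["score"])
    return apps

def review_queue(apps):
    """Active High/Medium apps, riskiest (lowest score) first."""
    queue = [a for a in apps.values() if a["active"] and a["band"] != "Low"]
    return sorted(queue, key=lambda a: (a["score"], -len(a["workspaces"])))

if __name__ == "__main__":
    for a in review_queue(aggregate(RECORDS)):
        print(a["name"], a["band"], a["score"], len(a["workspaces"]),
              a["last_granted"], "directory" if a["directory"] else "non-directory")
```

Because the scale is inverted (a low score means high risk), the queue sorts ascending by score; sorting descending would put the safest applications at the top.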

If you have any questions or concerns, please reach out to us at support@spin.ai.
