// Clean up stale security-action Slack messages based on review signals (reactions, label removal, resolved threads). Use when the user wants to clean old notifications from a Slack channel.
Auto-detect top maintainers for each repo in an org and set the maintainers custom property via the GitHub API. Use when the user wants to populate or update maintainer metadata.
Validate metadata fields (author, source, category) in opengrep/semgrep YAML rule files. Use when the user wants to lint or check rule quality.
Delete Slack messages from a channel filtered by bot username and repository names. Use when the user wants to bulk-delete bot messages for specific repos.
Auto-dismiss Dependabot alerts matching configurable hotwords (e.g. DoS) or a GHSA/CVE dismiss list. Use when the user wants to bulk-dismiss low-priority Dependabot alerts.
Scan org repos for open Dependabot alerts at or above a severity threshold and build notification messages for maintainers. Use when the user wants to check or nudge about Dependabot vulnerabilities.
Fetch and parse a JSON config file from a GitHub repository. Use when the user wants to read a configuration file from a remote repo.
| name | cleanup-slack-messages |
| description | Clean up stale security-action Slack messages based on review signals (reactions, label removal, resolved threads). Use when the user wants to clean old notifications from a Slack channel. |
| argument-hint | [channel] |
| allowed-tools | Bash(node *) |
Delete stale security-action messages from a Slack channel based on review completion signals.
Run from the project root:
# Default channel (#secops-hotspots)
node run.js ./src/cleanupSecurityActionMessages.js --token=xoxb-... --githubToken=ghp_...
# Custom channel
node run.js ./src/cleanupSecurityActionMessages.js --token=xoxb-... --githubToken=ghp_... --channel="#security-alerts"
# Dry run (debug mode)
node run.js ./src/cleanupSecurityActionMessages.js --token=xoxb-... --githubToken=ghp_... --debug=true
| Parameter | Required | Default | Description |
|---|---|---|---|
--token | Yes | $SLACK_TOKEN | Slack bot token |
--githubToken | Yes | $GITHUB_TOKEN | GitHub PAT for PR queries |
--channel | No | #secops-hotspots | Slack channel name |
--debug | No | false | Log what would be deleted without deleting |
--defaultAssignees | No | - | Comma-separated fallback GitHub usernames |
A message is deleted if any of these signals are detected:
/cc'd person/cc'd personneeds-security-review label removed by a security assignee on the linked PRgithub-actions review threads resolved by a security assigneeReturns a number -- count of messages deleted (or count that would be deleted in debug mode).
.env file with SLACK_TOKEN and GITHUB_TOKENchat:write, channels:read, channels:history, reactions:read scopesrun.js entry point automatically loads .env credentials--debug=true first to preview what would be deleted