[Bug]: SLACK_USER_TOKEN is used in tests/check to enable slack, but not used when accessing the user token

[andaag]

Summary

Search for it in the code. SLACK_USER_TOKEN is checked to verify whether or not the slack config should be enabled, but it's not used in the slack config itself.

We use environment variables to reduce attack surface (load data into environment before loading openclaw, strip access to /proc/*/environ and maps from all processes). And this incredibly sensitive token can't be stripped this way.

Steps to reproduce

1. Configure SLACK_USER_TOKEN
2. Boot up openclaw
3. No slack user token is found, that's only read from the openclaw.json file.

Expected behavior

SLACK_USER_TOKEN is checked alongside the openclaw.json config for the users token.

Actual behavior

No token is found

OpenClaw version

2026.2.24

Operating system

For many users

Install method

docker

[Sid-Qin]

Submitted a fix in PR #26525. Added resolveSlackUserToken() and wired SLACK_USER_TOKEN env var as a fallback in resolveSlackAccount(), following the same pattern as SLACK_BOT_TOKEN and SLACK_APP_TOKEN.