VERIFIED

Slack

Safety: 55/100

0.0(0)

MCP server for Slack, offering read and write access to Slack workspaces via various transports, with configurable safety features and stealth/OAuth modes.

MCP ServersFreemium

Boost this tool

Subscribe to listing upgrades or segmented pushes.

Overview

MCP server for Slack, offering read and write access to Slack workspaces via various transports, with configurable safety features and stealth/OAuth modes.

This server offers a balance of read and write capabilities. It's relatively safe in read-only or stealth mode. Enabling write operations like message posting increases the risk, especially without proper channel restrictions and input validation. Exercise caution when enabling write operations.

Performance depends on network latency and Slack API rate limits. Caching of users and channels can improve performance.

Cost is primarily driven by Slack API usage, which is subject to rate limits and potential charges for high-volume usage.

HybridGo1,353 starsMITReleased 12/9/2025CI/CD

Connections & Capabilities

Connects To

GitHubSlack

Capabilities

ReadWrite

Client Compatibility

Claude Desktop

full

Cursor

untested

Windsurf

untested

VS Code (Copilot)

untested

Quickstart

Install

npx @modelcontextprotocol/inspector

Claude Desktop Config

{
  "mcpServers": {
    "slack": {
      "command": "npx",
      "args": [
        "-y",
        "slack-mcp-server@latest",
        "--transport",
        "stdio"
      ],
      "env": {
        "SLACK_MCP_XOXC_TOKEN": "xoxc-...",
        "SLACK_MCP_XOXD_TOKEN": "xoxd-..."
      }
    }
  }
}

Environment Variables

SLACK_MCP_XOXC_TOKENSLACK_MCP_XOXD_TOKENSLACK_MCP_XOXP_TOKENSLACK_MCP_XOXB_TOKENSLACK_MCP_PORTSLACK_MCP_API_KEY

Tools (9)

safe

conversations_history

Retrieves messages from a specified channel or DM.

Read-only operation; retrieves existing messages.

safe

conversations_replies

Retrieves replies to a specific thread in a channel or DM.

Read-only operation; retrieves existing replies.

moderate

conversations_add_message

Adds a message to a specified channel or thread.

Adds content to Slack, but is disabled by default and can be restricted to specific channels.

safe

conversations_search_messages

Searches messages within channels, DMs, and threads based on various filters.

Read-only operation; searches existing messages.

safe

channels_list

Lists available channels based on specified types.

Read-only operation; lists available channels.

moderate

reactions_add

Adds an emoji reaction to a message.

Adds a reaction to a message, but is disabled by default and can be restricted to specific channels.

moderate

reactions_remove

Removes an emoji reaction from a message.

Removes a reaction from a message, permission follows reactions_add.

safe

users_search

Searches for users by name, email, or display name.

Read-only operation; searches user information.

safe

usergroups_list

Lists all user groups in the workspace.

Read-only operation; lists user groups.

Security

Auth Method

OAuth|Token|Environment Variable

Data Locality

hybrid

Scopes

channels:historychannels:readchat:writeusers:readsearch:readreactions:readreactions:write

Known Risks

!Unvalidated inputs in message posting could lead to injection attacks.
!Overly permissive channel configurations for message posting could result in unintended information disclosure.
!Exposure of Slack API tokens could grant unauthorized access to the workspace.
!Search queries may expose sensitive data if not carefully crafted.
!Lack of rate limiting on write operations could lead to API abuse.

Safety Score

moderate risk

Positive

+Stealth mode allows operation without requiring extensive permissions.
+Message posting is disabled by default, requiring explicit enablement.
+Channel restrictions can be applied when message posting is enabled.
+OAuth mode provides secure token management.
+Cache support reduces API calls and potential rate limiting issues.

Risks

-Enabling message posting and reactions adds write capabilities, increasing risk.
-Lack of input sanitization could lead to message injection vulnerabilities.
-Improperly configured proxy settings could expose internal resources.
-Over-reliance on user-provided channel IDs could lead to information disclosure.
-Search functionality, while read-only, could expose sensitive information if queries are not carefully constructed.

Use Cases

Content Aggregation

-Gathering messages from specific channels for analysis.
-Archiving conversations for compliance purposes.
-Monitoring specific threads for relevant discussions.

Workflow Automation

-Posting automated updates to channels.
-Triggering actions based on message content.
-Adding reactions to messages based on sentiment analysis.

User Management

-Searching for users based on various criteria.
-Listing user groups for access control purposes.
-Identifying inactive users for cleanup.

Data Analysis

-Analyzing message sentiment in specific channels.
-Identifying trending topics in conversations.
-Measuring user engagement in different channels.

Who Is This For?

Best For

Teams needing to aggregate and analyze Slack data.
Organizations automating workflows within Slack.
Developers building integrations with Slack.
Security analysts monitoring Slack activity.

Not Ideal For

Applications requiring real-time, low-latency communication.
Use cases involving highly sensitive data without proper security controls.
Environments with strict compliance requirements without auditing capabilities.

Autonomy & Execution

Default ModeRead-only

Sandboxed

Autonomy is limited by the default read-only mode. Write operations require explicit enablement and channel restrictions for safety.

StatelessYes

Retry LogicNot documented

ConcurrencySingle-threaded

Production Tip

Start with read-only operations and gradually enable write operations with strict channel restrictions and input validation.

FAQ

What is stealth mode?

Stealth mode allows the server to operate without requiring additional permissions or bot installations in the Slack workspace.

How do I enable message posting?

Set the `SLACK_MCP_ADD_MESSAGE_TOOL` environment variable. Optionally, provide a comma-separated list of channel IDs to restrict posting to those channels.

What are the supported content types for message posting?

The supported content types are 'text/markdown' and 'text/plain'.

How does the search functionality work?

The search functionality allows you to search messages in channels, DMs, and threads using various filters like date, user, and content.

What is the difference between OAuth and stealth mode?

OAuth mode uses secure OAuth tokens for access, while stealth mode operates without requiring additional permissions or bot installations.

How can I improve the performance of the server?

Utilize the caching features for users and channels to reduce API calls and potential rate limiting issues.

What are the limitations of using bot tokens with the search functionality?

The `conversations_search_messages` tool is not available when using bot tokens (`xoxb-*`). Bot tokens cannot use the `search.messages` API.

Metrics

Discovered2/14/2026

Reviews0

Saved By0 users

Related Tools

Slack - AI Tool Review & Alternatives | Flaex AI