Model Context Protocol moderate risk

Slack

MCP server for Slack, offering read and write access to Slack workspaces via various transports, with configurable safety features and stealth/OAuth modes.

Connections & Capabilities

Connects To

GitHubSlack

Capabilities

readwrite

Quickstart

Install

npx @modelcontextprotocol/inspector

Config

{
  "mcpServers": {
    "slack": {
      "command": "npx",
      "args": [
        "-y",
        "slack-mcp-server@latest",
        "--transport",
        "stdio"
      ],
      "env": {
        "SLACK_MCP_XOXC_TOKEN": "xoxc-...",
        "SLACK_MCP_XOXD_TOKEN": "xoxd-..."
      }
    }
  }
}

Exposed MCP Tools (9)

safe

conversations_history

Retrieves messages from a specified channel or DM.

Read-only operation; retrieves existing messages.

safe

conversations_replies

Retrieves replies to a specific thread in a channel or DM.

Read-only operation; retrieves existing replies.

moderate

conversations_add_message

Adds a message to a specified channel or thread.

Adds content to Slack, but is disabled by default and can be restricted to specific channels.

safe

conversations_search_messages

Searches messages within channels, DMs, and threads based on various filters.

Read-only operation; searches existing messages.

safe

channels_list

Lists available channels based on specified types.

Read-only operation; lists available channels.

moderate

reactions_add

Adds an emoji reaction to a message.

Adds a reaction to a message, but is disabled by default and can be restricted to specific channels.

moderate

reactions_remove

Removes an emoji reaction from a message.

Removes a reaction from a message, permission follows reactions_add.

safe

users_search

Searches for users by name, email, or display name.

Read-only operation; searches user information.

safe

usergroups_list

Lists all user groups in the workspace.

Read-only operation; lists user groups.

Safety Assessment

This server offers a balance of read and write capabilities. It's relatively safe in read-only or stealth mode. Enabling write operations like message posting increases the risk, especially without proper channel restrictions and input validation. Exercise caution when enabling write operations.

Stealth mode allows operation without requiring extensive permissions.
Message posting is disabled by default, requiring explicit enablement.
Channel restrictions can be applied when message posting is enabled.
OAuth mode provides secure token management.
Cache support reduces API calls and potential rate limiting issues.

Enabling message posting and reactions adds write capabilities, increasing risk.
Lack of input sanitization could lead to message injection vulnerabilities.
Improperly configured proxy settings could expose internal resources.
Over-reliance on user-provided channel IDs could lead to information disclosure.
Search functionality, while read-only, could expose sensitive information if queries are not carefully constructed.