slack-mcp
Verified Safeby duolingo
Overview
A read-only Model Context Protocol (MCP) server for Slack, providing secure, multi-user access to Slack data through a set of API tools.
Installation
docker run -p 8001:8001 -e SLACK_CLIENT_ID="your_client_id" -e SLACK_CLIENT_SECRET="your_client_secret" -e SLACK_MCP_BASE_URI="https://your-domain.com" -e SLACK_EXTERNAL_URL="https://your-domain.com" slack-mcpEnvironment Variables
- SLACK_CLIENT_ID
- SLACK_CLIENT_SECRET
- SLACK_MCP_BASE_URI
- SLACK_EXTERNAL_URL
- SLACK_MCP_PORT
Security Notes
The server demonstrates strong security practices, particularly in its OAuth and session management. It explicitly implements immutable session-to-user bindings and uses cryptographically secure state parameters for CSRF protection during the OAuth flow. Environment variables are used for sensitive credentials (Client ID/Secret), preventing hardcoding. It leverages well-established libraries like `fastmcp`, `fastapi`, and `slack-sdk`. No direct 'eval' or other obvious arbitrary code execution vectors were found. The primary risk would be misconfiguration of environment variables or allowing access to untrusted clients, which is external to the code's direct vulnerabilities.
Similar Servers
fastmcp
An ergonomic, extensible, and high-performance framework for building and interacting with Model Context Protocol (MCP) servers and clients. It facilitates modular AI component development and robust integration with external APIs via OpenAPI specifications.
mcp-context-forge
Retrieves web content and files from URLs, then converts them into high-quality Markdown format, supporting various content types and conversion engines.
slack-mcp-server
Model Context Protocol (MCP) server providing real-time and historical Slack data access to AI models.
slack-mcp-client
The Slack MCP Client acts as a production-ready bridge enabling AI models to interact with real tools and systems through Slack conversations via the Model Context Protocol.