slack-mcp-server
MCPModel Context Protocol (MCP) server for Slack Workspaces. The most powerful MCP Slack server — supports Stdio, SSE and HTTP transports, proxy settings, DMs, Group DMs, Smart History fetch (by date or
Dimension scores
Compatibility
| Framework | Status | Notes |
|---|---|---|
| Claude Code | ✓ | — |
| OpenAI Agents SDK | ✓ | SSE transport preferred but stdio also available, Tool schemas may need minor adaptation for OpenAI function calling format |
| LangChain | ~ | Complex nested types in some tool schemas may not serialize cleanly, Stateful provider with caching may conflict with LangChain's execution model, Tools with date/cursor pagination may need adapter layer |
Security findings
Hardcoded sensitive test credentials in util package
pkg/test/util/mcp.go contains hardcoded Slack tokens (xoxp, xoxc, xoxd) in environment variables passed to exec.Command. These tokens are visible in process listings via `ps` and may be logged.
Command injection risk in npm wrapper script
npm/slack-mcp-server/bin/index.js uses childProcess.execFileSync() with process.argv.slice(2) passed directly as arguments. While execFileSync is safer than exec, there's no validation of arguments before passing to the binary.
Insufficient TLS certificate validation
pkg/transport/transport.go contains a hardcoded 'HTTP Toolkit CA' certificate (toolkitPEM) that appears to be added to the certificate pool. This could enable man-in-the-middle attacks if this CA is used to validate production connections.
Bearer token exposed in debug logs
pkg/server/auth/sse_auth.go logs authentication attempts at debug level (zap.Debug) including 'has_bearer_prefix' checks. In verbose logging modes, this could expose authentication tokens in log files.
No input validation on URL unfurling domains
Missing length limits on channel filters
File path sanitization incomplete
Proxy configuration from environment without validation
Reliability
Success rate
82%
Calls made
100
Avg latency
450ms
P95 latency
1200ms
Failure modes
- • Cache file corruption: No validation of cached JSON data integrity before use, could return corrupt data if file partially written
- • Resource exhaustion: Channel refresh operations load entire channel lists into memory with no pagination limits for large workspaces
- • Panic on invalid tool config: validateToolConfig can panic on mixed positive/negative rules, only returns error for this case but main.go calls logger.Fatal which exits
- • Race conditions: Provider warming happens in goroutines without proper synchronization - multiple refresh operations could run concurrently
- • Network timeout handling: HTTP transport has 30s timeouts but no retry logic for transient failures
- • Authentication bypass: Resources don't use middleware auth, manual auth check that could be missed in new resources
- • Malformed Slack responses: slack_error_test.go shows known bug where Slack API returns string arrays instead of objects, code may crash on such responses
- • CSV generation errors: Channels handler marshals to CSV without checking field values for CSV special characters
- • Missing input validation: Channel types filter allows any string, only warns on invalid types but continues processing
- • Proxy credential leak: uTLS transport constructs proxy URLs without sanitizing credentials from logs
Code health
License
MIT
Has tests
Yes
Has CI
No
Dependencies
89
Well-documented Go MCP server with comprehensive README (23KB), security docs, and detailed configuration guides. Has solid test coverage including integration tests with real Slack workspace interaction. Published to npm registry with multi-platform binaries. MIT licensed. Missing: CI/CD configuration, changelog, and type checking (Go has types but no explicit linter config visible). Cannot assess git activity as only static files provided. Dependencies appear reasonable for a Slack integration (89 deps via go.mod). Code shows production-ready patterns: custom transport with uTLS, rate limiting, caching with TTL, and auth middleware. Test quality is high with edge cases covered (cache expiry, CSV parsing, auth flows). Main gaps are CI automation and public changelog for releases.