Slack MCP Server

MCP server for interacting with Slack workspaces via Bot Token API

Overall Score68/100

Score Breakdown

Authentication & Identity1 finding↓0/25

Tool Schema Quality1 finding↓21/25

Permission Granularity20/20

LLM Safety15/15

Data Exposure1 finding↓8/10

Maintenance & Trust1 finding↓4/5

Server Info

Package: @modelcontextprotocol/server-slack
Registry: npm
Repository: modelcontextprotocol/servers
Maintainer: AnthropicVendor
Category: Communication
Tags: messagingenterprisecollaboration
Last Scanned: 7 Apr 2026

Findings

4 issues

Authentication & Identity

HIGHNo per-request auth - requires instance-per-user

Stdio-only transport. Auth via SLACK_BOT_TOKEN env var (shared Bot OAuth token). SLACK_TEAM_ID is required. Optional SLACK_CHANNEL_IDS restricts which channels are visible. No MCP OAuth support. The package is DEPRECATED on npm. For multi-tenant deployment, the platform must spawn a separate server instance per user.

Remediation

Add HTTP/SSE transport to accept per-request Authorization headers, or implement the MCP OAuth spec.

Tool Schema Quality

MEDIUMOnly 0 of 8 schemas have parameter constraints

Most schemas lack maxLength, enum, or pattern constraints on string parameters.

Remediation

Add constraints to string parameters, especially on write operations.

Data Exposure

LOWNo field selection on responses

Responses return full records rather than projected fields.

Remediation

Implement field selection to return only relevant fields.

Maintenance & Trust

MEDIUM15 dependency vulnerabilities (6 high)

npm audit found 6 high severity CVEs.

Remediation

Update vulnerable dependencies.

Tools

8 total

Name	Description	Risk
slack_list_channels	List public or pre-defined channels in the workspace with pagination	read
slack_post_message	Post a new message to a Slack channel	write
slack_reply_to_thread	Reply to a specific message thread in Slack	write
slack_add_reaction	Add a reaction emoji to a message	write
slack_get_channel_history	Get recent messages from a channel	read
slack_get_thread_replies	Get all replies in a message thread	read
slack_get_users	Get a list of all users in the workspace with their basic profile information	read
slack_get_user_profile	Get detailed profile information for a specific user	read

Deploy Slack MCP Server securely

CompleteFlow adds per-user authentication, permission scoping, and audit logging to any MCP server out of the box.

Deploy on CompleteFlow