Official Slack remote MCP server that connects Claude and other MCP clients to Slack search, messages, channels, threads, canvases, reactions, users, and workspace context through OAuth-backed Streamable HTTP.
Slack's official MCP server is a remote server at `https://mcp.slack.com/mcp` using Streamable HTTP. It is not an npm package or HeyClaude-hosted artifact., Slack documents that MCP clients must be backed by an approved Slack app identity, and only directory-published apps or internal apps may use MCP. Unlisted apps are not allowed for this flow., Workspace admins can approve and manage MCP client integrations. Do not bypass workspace approval, legal, security, or data-governance rules for AI access to Slack., The server can perform write actions when scopes allow it, including sending messages, drafting messages, creating channels or conversations, adding reactions, and creating or updating canvases., Read tools can expose public channels, private channels, DMs, multi-party DMs, files, canvases, user profiles, custom profile fields, user status, channel metadata, message history, and thread history depending on scopes., Do not connect Slack MCP alongside broad file, browser, shell, database, or ticketing MCP servers unless cross-tool data movement has been reviewed., Slack MCP tools are subject to Slack Web API rate limits by tool/action type. Avoid unbounded searches, channel-history sweeps, message-posting loops, and repeated canvas updates., Require human review before posting to real channels, messaging users, creating conversations, adding reactions in sensitive threads, or editing shared canvases.
Privacy notes
Tool results can expose Slack messages, files, channel names, private channel metadata, DMs, thread context, canvases, user profiles, email addresses, custom profile fields, user statuses, emoji, and workspace history., OAuth user tokens and client secrets are sensitive credentials. Keep them out of prompts, screenshots, shared MCP configs, logs, shell history, issue comments, and repository files., Search results and message history can contain customer data, credentials, incident details, HR/legal discussions, security reports, unreleased product plans, support escalations, and other confidential workspace content., AI transcripts, MCP client logs, debug output, local caches, and downstream tools may retain Slack content outside Slack's own retention controls., Use test workspaces, limited channels, synthetic data, or narrow OAuth scopes for demos, screenshots, development, and AI-assisted troubleshooting., Review Slack, Salesforce, MCP client, AI-provider, and connected-tool retention policies before giving an assistant access to real workspace history or private conversations.
Author
Slack
Submitted by
oktofeesh1
Claim status
unclaimed
Last verified
2026-06-04
Decision playbook
Review trust signals before you adopt
Signals are present but mixed. Use the checklist below to confirm the source and operational safety for your environment.
Compare context
Selected
0
Current score
78
Baseline
—
Delta
No baseline selected
No major trust-signal divergence detected in the current selection.
Source and provenance checks
Complete
Confirm ownership and provenance before trusting install instructions.
Source link availableRequired
Open the canonical repository and verify ownership.
Done
Source provenance statusRequired
Marked as source-backed.
Done
Metadata reviewed
Registry metadata indicates a reviewed listing.
Done
Safety and privacy checks
Complete
Validate risk disclosures before installation or API wiring.
Safety notes presentRequired
Review the listed safety guidance before running commands.
Done
Privacy notes presentRequired
Review data handling notes before connecting accounts or secrets.
Done
Trust level risk gateRequired
Trust level does not block evaluation.
Done
Package and install checks
Needs review
Check package metadata and artifact integrity signals.
Install payload available
Install or copy payload is available for review.
Done
Package verification flag
No package verification flag provided.
Pending
Checksum metadata
No checksum provided for downloaded artifact.
Pending
Compare-driven decision checks
Needs review
Use compare context to validate trade-offs before adoption.
Compare tray has multiple entries
Add at least one more entry to compare trust differences.
8 safety and 6 privacy notes across 8 risk areas. Review closely: credentials & tokens, permissions & scopes, network access, third-party handling.
8 areas
SafetyNetwork accessSlack's official MCP server is a remote server at `https://mcp.slack.com/mcp` using Streamable HTTP. It is not an npm package or HeyClaude-hosted artifact.
SafetyLocal filesSlack documents that MCP clients must be backed by an approved Slack app identity, and only directory-published apps or internal apps may use MCP. Unlisted apps are not allowed for this flow.
SafetyPermissions & scopesWorkspace admins can approve and manage MCP client integrations. Do not bypass workspace approval, legal, security, or data-governance rules for AI access to Slack.
SafetyPermissions & scopesThe server can perform write actions when scopes allow it, including sending messages, drafting messages, creating channels or conversations, adding reactions, and creating or updating canvases.
SafetyPermissions & scopesRead tools can expose public channels, private channels, DMs, multi-party DMs, files, canvases, user profiles, custom profile fields, user status, channel metadata, message history, and thread history depending on scopes.
SafetyLocal filesDo not connect Slack MCP alongside broad file, browser, shell, database, or ticketing MCP servers unless cross-tool data movement has been reviewed.
SafetyData retentionSlack MCP tools are subject to Slack Web API rate limits by tool/action type. Avoid unbounded searches, channel-history sweeps, message-posting loops, and repeated canvas updates.
SafetyGeneralRequire human review before posting to real channels, messaging users, creating conversations, adding reactions in sensitive threads, or editing shared canvases.
PrivacyLocal filesTool results can expose Slack messages, files, channel names, private channel metadata, DMs, thread context, canvases, user profiles, email addresses, custom profile fields, user statuses, emoji, and workspace history.
PrivacyCredentials & tokensOAuth user tokens and client secrets are sensitive credentials. Keep them out of prompts, screenshots, shared MCP configs, logs, shell history, issue comments, and repository files.
PrivacyCredentials & tokensSearch results and message history can contain customer data, credentials, incident details, HR/legal discussions, security reports, unreleased product plans, support escalations, and other confidential workspace content.
PrivacyExecution & processesAI transcripts, MCP client logs, debug output, local caches, and downstream tools may retain Slack content outside Slack's own retention controls.
PrivacyCredentials & tokensUse test workspaces, limited channels, synthetic data, or narrow OAuth scopes for demos, screenshots, development, and AI-assisted troubleshooting.
PrivacyThird-party handlingReview Slack, Salesforce, MCP client, AI-provider, and connected-tool retention policies before giving an assistant access to real workspace history or private conversations.
Safety notes
Slack's official MCP server is a remote server at `https://mcp.slack.com/mcp` using Streamable HTTP. It is not an npm package or HeyClaude-hosted artifact.
Slack documents that MCP clients must be backed by an approved Slack app identity, and only directory-published apps or internal apps may use MCP. Unlisted apps are not allowed for this flow.
Workspace admins can approve and manage MCP client integrations. Do not bypass workspace approval, legal, security, or data-governance rules for AI access to Slack.
The server can perform write actions when scopes allow it, including sending messages, drafting messages, creating channels or conversations, adding reactions, and creating or updating canvases.
Read tools can expose public channels, private channels, DMs, multi-party DMs, files, canvases, user profiles, custom profile fields, user status, channel metadata, message history, and thread history depending on scopes.
Do not connect Slack MCP alongside broad file, browser, shell, database, or ticketing MCP servers unless cross-tool data movement has been reviewed.
Slack MCP tools are subject to Slack Web API rate limits by tool/action type. Avoid unbounded searches, channel-history sweeps, message-posting loops, and repeated canvas updates.
Require human review before posting to real channels, messaging users, creating conversations, adding reactions in sensitive threads, or editing shared canvases.
Privacy notes
Tool results can expose Slack messages, files, channel names, private channel metadata, DMs, thread context, canvases, user profiles, email addresses, custom profile fields, user statuses, emoji, and workspace history.
OAuth user tokens and client secrets are sensitive credentials. Keep them out of prompts, screenshots, shared MCP configs, logs, shell history, issue comments, and repository files.
Search results and message history can contain customer data, credentials, incident details, HR/legal discussions, security reports, unreleased product plans, support escalations, and other confidential workspace content.
AI transcripts, MCP client logs, debug output, local caches, and downstream tools may retain Slack content outside Slack's own retention controls.
Use test workspaces, limited channels, synthetic data, or narrow OAuth scopes for demos, screenshots, development, and AI-assisted troubleshooting.
Review Slack, Salesforce, MCP client, AI-provider, and connected-tool retention policies before giving an assistant access to real workspace history or private conversations.
Prerequisites
Slack workspace with permission to connect MCP clients or request workspace-admin approval.
MCP-capable client that supports remote HTTP MCP and Slack's OAuth flow, such as Claude.ai, Claude Code, Cursor, Perplexity, or another compatible client.
Network access to `https://mcp.slack.com/mcp` using JSON-RPC 2.0 over Streamable HTTP.
Slack app identity or partner-client path that satisfies Slack's MCP app requirements.
OAuth approval plan for user-token scopes such as search, files, chat, channel history, group history, IM history, reactions, canvases, and user profile access.
Workspace policy for whether the connected assistant may read public channels, private channels, DMs, multi-party DMs, files, canvases, user profiles, or message history.
Human approval path for write actions such as sending messages, creating conversations, adding reactions, and creating or updating canvases.
Slack MCP Server is Slack's official remote Model Context Protocol server. It
lets Claude and other compatible MCP clients search Slack, retrieve messages,
read channels and threads, send or draft messages, create conversations, add
reactions, manage canvases, and inspect users through Slack-managed OAuth and
workspace-admin approval.
Slack documents the transport endpoint as:
https://mcp.slack.com/mcp
The server uses JSON-RPC 2.0 over Streamable HTTP. Slack's docs explicitly note
that SSE-based connections and Dynamic Client Registration are not supported at
this time, so use a client that supports Slack's current remote MCP/OAuth path.
These sources were reviewed on 2026-06-04. Prefer the live Slack docs over
model memory for endpoint behavior, OAuth metadata, available clients, app
identity requirements, scopes, rate limits, and tool coverage.
Features
Official Slack-hosted MCP server at https://mcp.slack.com/mcp.
Streamable HTTP transport with JSON-RPC 2.0.
OAuth-backed user-token flow using Slack OAuth endpoints and client-specific
authorization UX.
Workspace-admin managed approval for MCP client integrations.
Search tools for messages, files, users, public channels, private channels,
channel descriptions, and emoji.
Message tools for reading channels, reading threads, sending messages,
drafting messages, creating conversations, and adding reactions.
Canvas tools for creating, updating, reading, and exporting canvases as
markdown.
User tools for reading complete user profile information, custom profile
fields, statuses, and channel membership.
Slack Web API rate-limit behavior by MCP tool/action type.
Support path through partner-built clients such as Claude.ai, Claude Code,
Perplexity, and Cursor as listed by Slack.
Use Cases
Ask Claude to find prior decisions, release context, customer feedback, or
incident history across approved Slack channels.
Summarize long channels or threads before a follow-up meeting.
Draft a status update, release note, incident note, or team announcement for
human review before posting.
Create a project channel or group conversation after a human confirms the
audience and name.
Add reactions to acknowledge specific workflow events in low-risk channels.
Create or update canvases that summarize research, sprint plans, runbooks, or
project notes.
Inspect user profiles or channel membership when routing questions to the
right team.
Combine Slack context with other read-only tools after reviewing cross-tool
data movement.
Installation
Claude Code
Add the remote MCP server with HTTP transport:
claude mcp add --transport http slack https://mcp.slack.com/mcp
Then follow your client's Slack OAuth flow and any workspace-admin approval
steps. Verify the server appears in the MCP list:
claude mcp list
Claude Desktop or Other MCP Clients
Use the client-specific remote HTTP MCP configuration format. A generic shape is:
Restart or reconnect the client, complete Slack OAuth, and verify the scopes and
workspace approval status before asking the assistant to read or write Slack
content.
Requirements
Slack workspace and user account.
Admin-approved MCP client integration or permission to request approval.
Supported MCP client with remote HTTP transport and Slack OAuth support.
OAuth client/app identity path that satisfies Slack's fixed app ID
requirements.
User-token scopes matching the tools you intend to use.
Network access to https://mcp.slack.com/mcp.
Workspace data-governance policy covering AI access to public channels,
private channels, DMs, files, canvases, and user profiles.
Rate-limit and human-review policy for searches, message writes, reactions,
conversation creation, and canvas changes.
For managed workspaces, confirm with Slack admins which app/client is approved,
which scopes are enabled, and whether audit logs are being reviewed for MCP
activity.
Security And Privacy Review
Start with the smallest scopes that satisfy the workflow. Avoid granting DMs,
private channels, files, canvases, user email, or write scopes until the use
case requires them.
Treat message posting and canvas edits as production writes. Ask the assistant
to draft first, then require a human to approve the exact target conversation
and message.
Avoid prompts that ask the assistant to sweep all channels, enumerate private
spaces, or summarize unrelated personal conversations.
Use Slack audit logs and app-management views to review MCP activity where
your plan supports it.
Keep Slack context out of public issues, PR bodies, screenshots, logs, and
downstream tools unless the content owner approved sharing.
Review cross-server flows before combining Slack with GitHub, Jira, Linear,
databases, browsers, filesystems, or shell tools.
Troubleshooting
OAuth fails: verify that the MCP client supports Slack's current OAuth
flow, the app/client is approved for the workspace, and the user has access to
the requested scopes.
Client cannot connect: confirm it supports Streamable HTTP MCP and is
configured with https://mcp.slack.com/mcp, not an SSE endpoint.
Tool is missing or denied: check the OAuth scopes enabled for the user
token and whether the workspace admin approved that capability.
Search returns too little: confirm channel membership, private-channel
access, search scopes, and date/user/content filters.
Writes are unexpectedly broad: require draft-first workflows and verify
channel, DM, canvas, or conversation targets before execution.
Rate limits appear: narrow the search, batch requests intentionally, and
avoid repeated autonomous loops over channels or threads.
Duplicate Check
No existing upstream content file uses the slack-mcp-server slug, Slack MCP
endpoint, or official Slack MCP documentation URLs.
Existing Slack notifier hooks and generic Slack mentions remain distinct
because this entry covers Slack's official remote MCP server, OAuth scopes,
Streamable HTTP endpoint, Slack tools, admin approval, and Slack-specific data
governance.
Editorial Disclosure
This is a source-backed community content entry submitted by oktofeesh1.
There is no paid placement, affiliate link, sponsorship, or maintainer-verified
package artifact attached to this listing.
Show that Slack MCP Server for Claude is listed on HeyClaude. Paste this Markdown into your README — it renders the badge and links back to this page.
[](https://heyclau.de/entry/mcp/slack-mcp-server)
How it compares
Slack MCP Server for Claude side by side with 3 alternatives on trust, install, platform support, and disclosed safety notes — all from reviewed registry metadata.
2 trust signals differ across this comparison (Source provenance, Submitter).
Official Slack remote MCP server that connects Claude and other MCP clients to Slack search, messages, channels, threads, canvases, reactions, users, and workspace context through OAuth-backed Streamable HTTP.
Apache-2.0 agentic proxy that can expose stdio, HTTP, SSE, and Streamable HTTP MCP servers through a managed gateway with federation, OAuth/JWT authentication, RBAC/CEL policy, CORS, TLS, observability, and Kubernetes Gateway API support.
Hosted Streamable HTTP MCP server for creating, inspecting, testing, publishing, unpublishing, analyzing, and styling Dreamlit notification workflows from AI clients.
Artidrop remote MCP server for publishing HTML, Markdown, and multi-file sites from AI agents with shareable URLs via streamable HTTP, optional API keys, and AFAuth agent identities.
✓Slack's official MCP server is a remote server at `https://mcp.slack.com/mcp` using Streamable HTTP. It is not an npm package or HeyClaude-hosted artifact.
Slack documents that MCP clients must be backed by an approved Slack app identity, and only directory-published apps or internal apps may use MCP. Unlisted apps are not allowed for this flow.
Workspace admins can approve and manage MCP client integrations. Do not bypass workspace approval, legal, security, or data-governance rules for AI access to Slack.
The server can perform write actions when scopes allow it, including sending messages, drafting messages, creating channels or conversations, adding reactions, and creating or updating canvases.
Read tools can expose public channels, private channels, DMs, multi-party DMs, files, canvases, user profiles, custom profile fields, user status, channel metadata, message history, and thread history depending on scopes.
Do not connect Slack MCP alongside broad file, browser, shell, database, or ticketing MCP servers unless cross-tool data movement has been reviewed.
Slack MCP tools are subject to Slack Web API rate limits by tool/action type. Avoid unbounded searches, channel-history sweeps, message-posting loops, and repeated canvas updates.
Require human review before posting to real channels, messaging users, creating conversations, adding reactions in sensitive threads, or editing shared canvases.
✓Agentgateway can aggregate and expose many downstream MCP targets through one endpoint; every target's permissions become part of the gateway surface.
Stdio targets are spawned by the gateway process, so commands such as package runners or containers inherit the gateway host's trust boundary.
Demo configs use permissive CORS and local authorization servers; lock down origins, headers, issuers, audiences, JWKS, and resource metadata before production use.
CEL/RBAC policies can inspect MCP tool names, arguments, results, prompts, resources, request bodies, JWT claims, API keys, and backend metadata; test policies before relying on them.
Remote MCP proxying, OAuth provider adaptation, Kubernetes routing, TLS termination, and guardrails are infrastructure changes that should go through normal security review.
✓Dreamlit MCP is a hosted remote server at `https://mcp.dreamlit.ai/mcp`; the public repository contains setup docs and registry metadata, not the production backend source.
Write scopes can create or update workflow drafts and send workflow tests; publish scopes can publish, schedule, or unpublish live notification workflows.
Publishing is a separate explicit step in Dreamlit's recommended flow; keep a human confirmation gate before `confirm_publish` or `unpublish_workflow`.
Use least-privilege OAuth scopes. Read-only review clients should not receive `workflows:write` or `workflows:publish`.
Test important email or Slack notification drafts before publishing, especially when prompts include personalization rules, timing, timezone, or unsubscribe behavior.
✓Publish and update tools create publicly reachable URLs when visibility is public or unlisted.
Pass content verbatim through MCP; reformatting can break HTML, script, or markdown rendering per official guidance.
Anonymous publishes are limited to five per hour per IP; authenticated keys raise limits but billable access may apply.
AFAuth agent signup provisions accounts without portal keys; review attestation and ownership policies before production use.
Privacy notes
✓Tool results can expose Slack messages, files, channel names, private channel metadata, DMs, thread context, canvases, user profiles, email addresses, custom profile fields, user statuses, emoji, and workspace history.
OAuth user tokens and client secrets are sensitive credentials. Keep them out of prompts, screenshots, shared MCP configs, logs, shell history, issue comments, and repository files.
Search results and message history can contain customer data, credentials, incident details, HR/legal discussions, security reports, unreleased product plans, support escalations, and other confidential workspace content.
AI transcripts, MCP client logs, debug output, local caches, and downstream tools may retain Slack content outside Slack's own retention controls.
Use test workspaces, limited channels, synthetic data, or narrow OAuth scopes for demos, screenshots, development, and AI-assisted troubleshooting.
Review Slack, Salesforce, MCP client, AI-provider, and connected-tool retention policies before giving an assistant access to real workspace history or private conversations.
✓MCP requests, tool arguments, tool results, prompt names, resource names, session IDs, JWT/API-key claims, raw request/response bodies, logs, traces, and telemetry may pass through the gateway.
CEL policy and observability features may buffer or inspect request and response bodies depending on configuration.
OAuth/JWT metadata, bearer tokens, API keys, DCR secrets, Keycloak/Auth0/Okta settings, and upstream MCP credentials must be protected as secrets.
Any data returned by downstream MCP tools can still be sent onward by the MCP client to the configured model provider.
✓Dreamlit MCP can expose workflow metadata, saved brand kit summaries, connected project context, preview or builder URLs, and bounded notification analytics.
Analytics access can reveal recipient engagement and workflow run data; filter narrowly and paginate instead of requesting broad reporting dumps.
Do not paste database credentials, raw secrets, private tokens, or integration credentials into prompts or shared MCP configs.
Review Dreamlit, MCP client, AI-provider, and downstream-tool retention policies before using real customer, recipient, or workspace data.
✓Published artifacts, titles, and content are stored on Artidrop infrastructure according to its privacy terms.
API keys and OAuth tokens grant publish and management access; store them in connector headers, not chat logs.
Private visibility restricts reads to owners, but MCP tool output may still appear in Claude session history.
Prerequisites
Slack workspace with permission to connect MCP clients or request workspace-admin approval.
MCP-capable client that supports remote HTTP MCP and Slack's OAuth flow, such as Claude.ai, Claude Code, Cursor, Perplexity, or another compatible client.
Network access to `https://mcp.slack.com/mcp` using JSON-RPC 2.0 over Streamable HTTP.
Slack app identity or partner-client path that satisfies Slack's MCP app requirements.
Agentgateway binary, container image, or source checkout from the upstream release/container/docs path.
At least one downstream MCP target, such as a stdio command, remote MCP server, SSE server, or Streamable HTTP server.
MCP client that can connect to the exposed Streamable HTTP or SSE route.
Auth, CORS, TLS, route, and policy configuration reviewed before shared or remote exposure.
Dreamlit workspace and project access for the notification workflows being managed.
MCP client that supports remote Streamable HTTP servers and Dreamlit OAuth, or a client path that can use Dreamlit personal access tokens.
Workspace decision on which scopes to grant, such as `workflows:read`, `workflows:write`, `workflows:publish`, and `analytics:read`.
Human review process for workflow tests, publishing, scheduling, and unpublishing actions.
Artidrop API key from https://artidrop.ai for authenticated list, update, and delete tools, or accept anonymous publish rate limits.
Claude Pro, Team, or Enterprise with Connectors support, or another MCP client with streamable HTTP transport.
Review of Artidrop visibility settings (public, unlisted, private) before publishing sensitive content.
Human review of generated HTML or Markdown before publishing externally shareable artifacts.
Install
claude mcp add --transport http slack https://mcp.slack.com/mcp