Skip to main content
mcpSource-backed
Slack logo

Slack MCP Server for Claude

Official Slack remote MCP server that connects Claude and other MCP clients to Slack search, messages, channels, threads, canvases, reactions, users, and workspace context through OAuth-backed Streamable HTTP.

by Slack · submitted by oktofeesh1·added 2026-06-04·
Review first review before installing

Open the source and read safety notes before installing.

Citation facts

Source-backed facts for citing this resource, derived directly from the registry — also available as plain text for AI assistants.

Source URLs
https://docs.slack.dev/ai/slack-mcp-server/, https://github.com/JSONbored/awesome-claude/blob/main/content/mcp/slack-mcp-server.mdx
Brand
Slack
Brand domain
slack.com
Brand asset source
brandfetch
Safety notes
Slack's official MCP server is a remote server at `https://mcp.slack.com/mcp` using Streamable HTTP. It is not an npm package or HeyClaude-hosted artifact., Slack documents that MCP clients must be backed by an approved Slack app identity, and only directory-published apps or internal apps may use MCP. Unlisted apps are not allowed for this flow., Workspace admins can approve and manage MCP client integrations. Do not bypass workspace approval, legal, security, or data-governance rules for AI access to Slack., The server can perform write actions when scopes allow it, including sending messages, drafting messages, creating channels or conversations, adding reactions, and creating or updating canvases., Read tools can expose public channels, private channels, DMs, multi-party DMs, files, canvases, user profiles, custom profile fields, user status, channel metadata, message history, and thread history depending on scopes., Do not connect Slack MCP alongside broad file, browser, shell, database, or ticketing MCP servers unless cross-tool data movement has been reviewed., Slack MCP tools are subject to Slack Web API rate limits by tool/action type. Avoid unbounded searches, channel-history sweeps, message-posting loops, and repeated canvas updates., Require human review before posting to real channels, messaging users, creating conversations, adding reactions in sensitive threads, or editing shared canvases.
Privacy notes
Tool results can expose Slack messages, files, channel names, private channel metadata, DMs, thread context, canvases, user profiles, email addresses, custom profile fields, user statuses, emoji, and workspace history., OAuth user tokens and client secrets are sensitive credentials. Keep them out of prompts, screenshots, shared MCP configs, logs, shell history, issue comments, and repository files., Search results and message history can contain customer data, credentials, incident details, HR/legal discussions, security reports, unreleased product plans, support escalations, and other confidential workspace content., AI transcripts, MCP client logs, debug output, local caches, and downstream tools may retain Slack content outside Slack's own retention controls., Use test workspaces, limited channels, synthetic data, or narrow OAuth scopes for demos, screenshots, development, and AI-assisted troubleshooting., Review Slack, Salesforce, MCP client, AI-provider, and connected-tool retention policies before giving an assistant access to real workspace history or private conversations.
Author
Slack
Submitted by
oktofeesh1
Claim status
unclaimed
Last verified
2026-06-04

Decision playbook

Review trust signals before you adopt

Signals are present but mixed. Use the checklist below to confirm the source and operational safety for your environment.

Compare context
Selected

0

Current score

78

Baseline

Delta

No baseline selected

No major trust-signal divergence detected in the current selection.

Source and provenance checks

Complete

Confirm ownership and provenance before trusting install instructions.

  • Source link availableRequired

    Open the canonical repository and verify ownership.

    Done
  • Source provenance statusRequired

    Marked as source-backed.

    Done
  • Metadata reviewed

    Registry metadata indicates a reviewed listing.

    Done

Safety and privacy checks

Complete

Validate risk disclosures before installation or API wiring.

  • Safety notes presentRequired

    Review the listed safety guidance before running commands.

    Done
  • Privacy notes presentRequired

    Review data handling notes before connecting accounts or secrets.

    Done
  • Trust level risk gateRequired

    Trust level does not block evaluation.

    Done

Package and install checks

Needs review

Check package metadata and artifact integrity signals.

  • Install payload available

    Install or copy payload is available for review.

    Done
  • Package verification flag

    No package verification flag provided.

    Pending
  • Checksum metadata

    No checksum provided for downloaded artifact.

    Pending

Compare-driven decision checks

Needs review

Use compare context to validate trade-offs before adoption.

  • Compare tray has multiple entries

    Add at least one more entry to compare trust differences.

    Pending
  • Baseline comparison available

    No baseline peer selected yet.

    Pending
  • Diverging trust signals identified

    No major trust-signal divergence found.

    Pending

Setup at a glance

CLI install

Copy-ready — paste the snippet to get started.

20 minutes

Adoption plan

Balanced adoption plan

Current risk score 16/100. Use staged verification before broader rollout.

Risk 16

Pre-adoption checks

Validate source and review signals before any execution.

  • Confirm source provenanceRequired

    Source URL/provenance metadata is present.

    Done
  • Confirm metadata review state

    Listing has review metadata.

    Done
  • Verify install payload

    Install/config payload exists and can be inspected.

    Done

Security checks

Confirm safety, privacy, and package integrity signals.

  • Review safety notesRequired

    Safety notes are present.

    Done
  • Review privacy notesRequired

    Privacy notes are present.

    Done
  • Verify package integrity metadata

    No package verification/checksum metadata.

    Pending

Rollout

Adopt in controlled steps based on the selected plan.

  • Run in isolated sandbox firstRequired

    Use a constrained sandbox and observe behavior across multiple tasks.

    Pending
  • Roll out graduallyRequired

    Roll out to a small cohort before wider usage.

    Pending
  • Set monitoring and fallback

    Define rollback path and monitor errors after adoption.

    Pending

Evidence readiness

Evidence readiness matrix · balanced

Required evidence gates are covered (5/6 signals complete).

Risk 15

Source provenance

Present

Source repository/provenance is listed.

Required in this preset

Metadata review

Present

Review metadata is present.

Required in this preset

Safety notes

Present

Safety notes are present.

Required in this preset

Privacy notes

Present

Privacy notes are present.

Optional in this preset

Package integrity

Missing

Package integrity metadata is missing.

Optional in this preset

Install payload

Present

Install payload is available.

Required in this preset

Required evidence gates are covered for this preset.

Decision timeline

Decision timeline · balanced

5/6 steps complete with no blocking gaps for this preset.

Risk 14

triage

Confirm source provenanceRequired

Source/provenance metadata is available.

Done

triage

Check metadata review statusRequired

Review metadata is available.

Done

verify

Review safety notesRequired

Safety notes are available.

Done

verify

Review privacy notes

Privacy notes are available.

Done

verify

Validate package integrity metadata

Package integrity metadata is missing.

Pending

rollout

Verify install payload and commandsRequired

Install payload is available.

Done

No required blockers for this timeline preset.

Prerequisite readiness

Prerequisite readiness

7 prerequisites to line up before setup. Have accounts and credentials ready first. Includes a review or approval gate.

0/7 ready
Account & credentials4Install & runtime1Network & hosting1Review & approval120 minutes

Safety & privacy surface

Safety & privacy surface

8 safety and 6 privacy notes across 8 risk areas. Review closely: credentials & tokens, permissions & scopes, network access, third-party handling.

8 areas
  • SafetyNetwork accessSlack's official MCP server is a remote server at `https://mcp.slack.com/mcp` using Streamable HTTP. It is not an npm package or HeyClaude-hosted artifact.
  • SafetyLocal filesSlack documents that MCP clients must be backed by an approved Slack app identity, and only directory-published apps or internal apps may use MCP. Unlisted apps are not allowed for this flow.
  • SafetyPermissions & scopesWorkspace admins can approve and manage MCP client integrations. Do not bypass workspace approval, legal, security, or data-governance rules for AI access to Slack.
  • SafetyPermissions & scopesThe server can perform write actions when scopes allow it, including sending messages, drafting messages, creating channels or conversations, adding reactions, and creating or updating canvases.
  • SafetyPermissions & scopesRead tools can expose public channels, private channels, DMs, multi-party DMs, files, canvases, user profiles, custom profile fields, user status, channel metadata, message history, and thread history depending on scopes.
  • SafetyLocal filesDo not connect Slack MCP alongside broad file, browser, shell, database, or ticketing MCP servers unless cross-tool data movement has been reviewed.
  • SafetyData retentionSlack MCP tools are subject to Slack Web API rate limits by tool/action type. Avoid unbounded searches, channel-history sweeps, message-posting loops, and repeated canvas updates.
  • SafetyGeneralRequire human review before posting to real channels, messaging users, creating conversations, adding reactions in sensitive threads, or editing shared canvases.
  • PrivacyLocal filesTool results can expose Slack messages, files, channel names, private channel metadata, DMs, thread context, canvases, user profiles, email addresses, custom profile fields, user statuses, emoji, and workspace history.
  • PrivacyCredentials & tokensOAuth user tokens and client secrets are sensitive credentials. Keep them out of prompts, screenshots, shared MCP configs, logs, shell history, issue comments, and repository files.
  • PrivacyCredentials & tokensSearch results and message history can contain customer data, credentials, incident details, HR/legal discussions, security reports, unreleased product plans, support escalations, and other confidential workspace content.
  • PrivacyExecution & processesAI transcripts, MCP client logs, debug output, local caches, and downstream tools may retain Slack content outside Slack's own retention controls.
  • PrivacyCredentials & tokensUse test workspaces, limited channels, synthetic data, or narrow OAuth scopes for demos, screenshots, development, and AI-assisted troubleshooting.
  • PrivacyThird-party handlingReview Slack, Salesforce, MCP client, AI-provider, and connected-tool retention policies before giving an assistant access to real workspace history or private conversations.

Safety notes

  • Slack's official MCP server is a remote server at `https://mcp.slack.com/mcp` using Streamable HTTP. It is not an npm package or HeyClaude-hosted artifact.
  • Slack documents that MCP clients must be backed by an approved Slack app identity, and only directory-published apps or internal apps may use MCP. Unlisted apps are not allowed for this flow.
  • Workspace admins can approve and manage MCP client integrations. Do not bypass workspace approval, legal, security, or data-governance rules for AI access to Slack.
  • The server can perform write actions when scopes allow it, including sending messages, drafting messages, creating channels or conversations, adding reactions, and creating or updating canvases.
  • Read tools can expose public channels, private channels, DMs, multi-party DMs, files, canvases, user profiles, custom profile fields, user status, channel metadata, message history, and thread history depending on scopes.
  • Do not connect Slack MCP alongside broad file, browser, shell, database, or ticketing MCP servers unless cross-tool data movement has been reviewed.
  • Slack MCP tools are subject to Slack Web API rate limits by tool/action type. Avoid unbounded searches, channel-history sweeps, message-posting loops, and repeated canvas updates.
  • Require human review before posting to real channels, messaging users, creating conversations, adding reactions in sensitive threads, or editing shared canvases.

Privacy notes

  • Tool results can expose Slack messages, files, channel names, private channel metadata, DMs, thread context, canvases, user profiles, email addresses, custom profile fields, user statuses, emoji, and workspace history.
  • OAuth user tokens and client secrets are sensitive credentials. Keep them out of prompts, screenshots, shared MCP configs, logs, shell history, issue comments, and repository files.
  • Search results and message history can contain customer data, credentials, incident details, HR/legal discussions, security reports, unreleased product plans, support escalations, and other confidential workspace content.
  • AI transcripts, MCP client logs, debug output, local caches, and downstream tools may retain Slack content outside Slack's own retention controls.
  • Use test workspaces, limited channels, synthetic data, or narrow OAuth scopes for demos, screenshots, development, and AI-assisted troubleshooting.
  • Review Slack, Salesforce, MCP client, AI-provider, and connected-tool retention policies before giving an assistant access to real workspace history or private conversations.

Prerequisites

  • Slack workspace with permission to connect MCP clients or request workspace-admin approval.
  • MCP-capable client that supports remote HTTP MCP and Slack's OAuth flow, such as Claude.ai, Claude Code, Cursor, Perplexity, or another compatible client.
  • Network access to `https://mcp.slack.com/mcp` using JSON-RPC 2.0 over Streamable HTTP.
  • Slack app identity or partner-client path that satisfies Slack's MCP app requirements.
  • OAuth approval plan for user-token scopes such as search, files, chat, channel history, group history, IM history, reactions, canvases, and user profile access.
  • Workspace policy for whether the connected assistant may read public channels, private channels, DMs, multi-party DMs, files, canvases, user profiles, or message history.
  • Human approval path for write actions such as sending messages, creating conversations, adding reactions, and creating or updating canvases.

Schema details

Install type
cli
Troubleshooting
Yes
Collection metadata
Estimated setup
20 minutes
Difficulty
intermediate
Full copyable content
{
  "slack": {
    "url": "https://mcp.slack.com/mcp",
    "transport": "http"
  }
}

About this resource

Content

Slack MCP Server is Slack's official remote Model Context Protocol server. It lets Claude and other compatible MCP clients search Slack, retrieve messages, read channels and threads, send or draft messages, create conversations, add reactions, manage canvases, and inspect users through Slack-managed OAuth and workspace-admin approval.

Slack documents the transport endpoint as:

https://mcp.slack.com/mcp

The server uses JSON-RPC 2.0 over Streamable HTTP. Slack's docs explicitly note that SSE-based connections and Dynamic Client Registration are not supported at this time, so use a client that supports Slack's current remote MCP/OAuth path.

Source Review

These sources were reviewed on 2026-06-04. Prefer the live Slack docs over model memory for endpoint behavior, OAuth metadata, available clients, app identity requirements, scopes, rate limits, and tool coverage.

Features

  • Official Slack-hosted MCP server at https://mcp.slack.com/mcp.
  • Streamable HTTP transport with JSON-RPC 2.0.
  • OAuth-backed user-token flow using Slack OAuth endpoints and client-specific authorization UX.
  • Workspace-admin managed approval for MCP client integrations.
  • Search tools for messages, files, users, public channels, private channels, channel descriptions, and emoji.
  • Message tools for reading channels, reading threads, sending messages, drafting messages, creating conversations, and adding reactions.
  • Canvas tools for creating, updating, reading, and exporting canvases as markdown.
  • User tools for reading complete user profile information, custom profile fields, statuses, and channel membership.
  • Slack Web API rate-limit behavior by MCP tool/action type.
  • Support path through partner-built clients such as Claude.ai, Claude Code, Perplexity, and Cursor as listed by Slack.

Use Cases

  • Ask Claude to find prior decisions, release context, customer feedback, or incident history across approved Slack channels.
  • Summarize long channels or threads before a follow-up meeting.
  • Draft a status update, release note, incident note, or team announcement for human review before posting.
  • Create a project channel or group conversation after a human confirms the audience and name.
  • Add reactions to acknowledge specific workflow events in low-risk channels.
  • Create or update canvases that summarize research, sprint plans, runbooks, or project notes.
  • Inspect user profiles or channel membership when routing questions to the right team.
  • Combine Slack context with other read-only tools after reviewing cross-tool data movement.

Installation

Claude Code

Add the remote MCP server with HTTP transport:

claude mcp add --transport http slack https://mcp.slack.com/mcp

Then follow your client's Slack OAuth flow and any workspace-admin approval steps. Verify the server appears in the MCP list:

claude mcp list

Claude Desktop or Other MCP Clients

Use the client-specific remote HTTP MCP configuration format. A generic shape is:

{
  "mcpServers": {
    "slack": {
      "url": "https://mcp.slack.com/mcp",
      "transport": "http"
    }
  }
}

Restart or reconnect the client, complete Slack OAuth, and verify the scopes and workspace approval status before asking the assistant to read or write Slack content.

Requirements

  • Slack workspace and user account.
  • Admin-approved MCP client integration or permission to request approval.
  • Supported MCP client with remote HTTP transport and Slack OAuth support.
  • OAuth client/app identity path that satisfies Slack's fixed app ID requirements.
  • User-token scopes matching the tools you intend to use.
  • Network access to https://mcp.slack.com/mcp.
  • Workspace data-governance policy covering AI access to public channels, private channels, DMs, files, canvases, and user profiles.
  • Rate-limit and human-review policy for searches, message writes, reactions, conversation creation, and canvas changes.

Configuration

{
  "mcpServers": {
    "slack": {
      "url": "https://mcp.slack.com/mcp",
      "transport": "http"
    }
  }
}

For managed workspaces, confirm with Slack admins which app/client is approved, which scopes are enabled, and whether audit logs are being reviewed for MCP activity.

Security And Privacy Review

  • Start with the smallest scopes that satisfy the workflow. Avoid granting DMs, private channels, files, canvases, user email, or write scopes until the use case requires them.
  • Treat message posting and canvas edits as production writes. Ask the assistant to draft first, then require a human to approve the exact target conversation and message.
  • Avoid prompts that ask the assistant to sweep all channels, enumerate private spaces, or summarize unrelated personal conversations.
  • Use Slack audit logs and app-management views to review MCP activity where your plan supports it.
  • Keep Slack context out of public issues, PR bodies, screenshots, logs, and downstream tools unless the content owner approved sharing.
  • Review cross-server flows before combining Slack with GitHub, Jira, Linear, databases, browsers, filesystems, or shell tools.

Troubleshooting

  • OAuth fails: verify that the MCP client supports Slack's current OAuth flow, the app/client is approved for the workspace, and the user has access to the requested scopes.
  • Client cannot connect: confirm it supports Streamable HTTP MCP and is configured with https://mcp.slack.com/mcp, not an SSE endpoint.
  • Tool is missing or denied: check the OAuth scopes enabled for the user token and whether the workspace admin approved that capability.
  • Search returns too little: confirm channel membership, private-channel access, search scopes, and date/user/content filters.
  • Writes are unexpectedly broad: require draft-first workflows and verify channel, DM, canvas, or conversation targets before execution.
  • Rate limits appear: narrow the search, batch requests intentionally, and avoid repeated autonomous loops over channels or threads.

Duplicate Check

  • No existing upstream content file uses the slack-mcp-server slug, Slack MCP endpoint, or official Slack MCP documentation URLs.
  • Existing Slack notifier hooks and generic Slack mentions remain distinct because this entry covers Slack's official remote MCP server, OAuth scopes, Streamable HTTP endpoint, Slack tools, admin approval, and Slack-specific data governance.

Editorial Disclosure

This is a source-backed community content entry submitted by oktofeesh1. There is no paid placement, affiliate link, sponsorship, or maintainer-verified package artifact attached to this listing.

Source citations

Add this badge to your README

Show that Slack MCP Server for Claude is listed on HeyClaude. Paste this Markdown into your README — it renders the badge and links back to this page.

Listed on HeyClaude
[![Listed on HeyClaude](https://heyclau.de/badge/mcp/slack-mcp-server.svg)](https://heyclau.de/entry/mcp/slack-mcp-server)

How it compares

Slack MCP Server for Claude side by side with 3 alternatives on trust, install, platform support, and disclosed safety notes — all from reviewed registry metadata.

2 trust signals differ across this comparison (Source provenance, Submitter).

Field

Official Slack remote MCP server that connects Claude and other MCP clients to Slack search, messages, channels, threads, canvases, reactions, users, and workspace context through OAuth-backed Streamable HTTP.

Open dossier

Apache-2.0 agentic proxy that can expose stdio, HTTP, SSE, and Streamable HTTP MCP servers through a managed gateway with federation, OAuth/JWT authentication, RBAC/CEL policy, CORS, TLS, observability, and Kubernetes Gateway API support.

Open dossier

Hosted Streamable HTTP MCP server for creating, inspecting, testing, publishing, unpublishing, analyzing, and styling Dreamlit notification workflows from AI clients.

Open dossier

Artidrop remote MCP server for publishing HTML, Markdown, and multi-file sites from AI agents with shareable URLs via streamable HTTP, optional API keys, and AFAuth agent identities.

Open dossier
Next steps
Trust
Review statusReviewedMaintainer reviewedReviewedMaintainer reviewedReviewedMaintainer reviewedReviewedMaintainer reviewed
Package trustPackage not verifiedPackage not verifiedPackage not verifiedPackage not verified
Source provenanceDiffersSource-backedSource-backedSource-backedSubmission linkedSource submission
SubmitterDiffersoktofeesh1oktofeesh1oktofeesh1kiannidev
Install riskReview firstReview firstReview firstReview first
Notes Safety ✓ Privacy ✓ Safety ✓ Privacy ✓ Safety ✓ Privacy ✓ Safety ✓ Privacy ✓
BrandSlack logoSlackagentgateway logoagentgatewayDreamlit logoDreamlit
Categorymcpmcpmcpmcp
SourceSource-backedSource-backedSource-backedSource-backed
AuthorSlackagentgatewayDreamlitArtidrop
Added2026-06-042026-06-062026-06-052026-06-16
Platforms
Harness
Source repo
Safety notesSlack's official MCP server is a remote server at `https://mcp.slack.com/mcp` using Streamable HTTP. It is not an npm package or HeyClaude-hosted artifact. Slack documents that MCP clients must be backed by an approved Slack app identity, and only directory-published apps or internal apps may use MCP. Unlisted apps are not allowed for this flow. Workspace admins can approve and manage MCP client integrations. Do not bypass workspace approval, legal, security, or data-governance rules for AI access to Slack. The server can perform write actions when scopes allow it, including sending messages, drafting messages, creating channels or conversations, adding reactions, and creating or updating canvases. Read tools can expose public channels, private channels, DMs, multi-party DMs, files, canvases, user profiles, custom profile fields, user status, channel metadata, message history, and thread history depending on scopes. Do not connect Slack MCP alongside broad file, browser, shell, database, or ticketing MCP servers unless cross-tool data movement has been reviewed. Slack MCP tools are subject to Slack Web API rate limits by tool/action type. Avoid unbounded searches, channel-history sweeps, message-posting loops, and repeated canvas updates. Require human review before posting to real channels, messaging users, creating conversations, adding reactions in sensitive threads, or editing shared canvases.Agentgateway can aggregate and expose many downstream MCP targets through one endpoint; every target's permissions become part of the gateway surface. Stdio targets are spawned by the gateway process, so commands such as package runners or containers inherit the gateway host's trust boundary. Demo configs use permissive CORS and local authorization servers; lock down origins, headers, issuers, audiences, JWKS, and resource metadata before production use. CEL/RBAC policies can inspect MCP tool names, arguments, results, prompts, resources, request bodies, JWT claims, API keys, and backend metadata; test policies before relying on them. Remote MCP proxying, OAuth provider adaptation, Kubernetes routing, TLS termination, and guardrails are infrastructure changes that should go through normal security review.Dreamlit MCP is a hosted remote server at `https://mcp.dreamlit.ai/mcp`; the public repository contains setup docs and registry metadata, not the production backend source. Write scopes can create or update workflow drafts and send workflow tests; publish scopes can publish, schedule, or unpublish live notification workflows. Publishing is a separate explicit step in Dreamlit's recommended flow; keep a human confirmation gate before `confirm_publish` or `unpublish_workflow`. Use least-privilege OAuth scopes. Read-only review clients should not receive `workflows:write` or `workflows:publish`. Test important email or Slack notification drafts before publishing, especially when prompts include personalization rules, timing, timezone, or unsubscribe behavior.Publish and update tools create publicly reachable URLs when visibility is public or unlisted. Pass content verbatim through MCP; reformatting can break HTML, script, or markdown rendering per official guidance. Anonymous publishes are limited to five per hour per IP; authenticated keys raise limits but billable access may apply. AFAuth agent signup provisions accounts without portal keys; review attestation and ownership policies before production use.
Privacy notesTool results can expose Slack messages, files, channel names, private channel metadata, DMs, thread context, canvases, user profiles, email addresses, custom profile fields, user statuses, emoji, and workspace history. OAuth user tokens and client secrets are sensitive credentials. Keep them out of prompts, screenshots, shared MCP configs, logs, shell history, issue comments, and repository files. Search results and message history can contain customer data, credentials, incident details, HR/legal discussions, security reports, unreleased product plans, support escalations, and other confidential workspace content. AI transcripts, MCP client logs, debug output, local caches, and downstream tools may retain Slack content outside Slack's own retention controls. Use test workspaces, limited channels, synthetic data, or narrow OAuth scopes for demos, screenshots, development, and AI-assisted troubleshooting. Review Slack, Salesforce, MCP client, AI-provider, and connected-tool retention policies before giving an assistant access to real workspace history or private conversations.MCP requests, tool arguments, tool results, prompt names, resource names, session IDs, JWT/API-key claims, raw request/response bodies, logs, traces, and telemetry may pass through the gateway. CEL policy and observability features may buffer or inspect request and response bodies depending on configuration. OAuth/JWT metadata, bearer tokens, API keys, DCR secrets, Keycloak/Auth0/Okta settings, and upstream MCP credentials must be protected as secrets. Any data returned by downstream MCP tools can still be sent onward by the MCP client to the configured model provider.Dreamlit MCP can expose workflow metadata, saved brand kit summaries, connected project context, preview or builder URLs, and bounded notification analytics. Analytics access can reveal recipient engagement and workflow run data; filter narrowly and paginate instead of requesting broad reporting dumps. Do not paste database credentials, raw secrets, private tokens, or integration credentials into prompts or shared MCP configs. Review Dreamlit, MCP client, AI-provider, and downstream-tool retention policies before using real customer, recipient, or workspace data.Published artifacts, titles, and content are stored on Artidrop infrastructure according to its privacy terms. API keys and OAuth tokens grant publish and management access; store them in connector headers, not chat logs. Private visibility restricts reads to owners, but MCP tool output may still appear in Claude session history.
Prerequisites
  • Slack workspace with permission to connect MCP clients or request workspace-admin approval.
  • MCP-capable client that supports remote HTTP MCP and Slack's OAuth flow, such as Claude.ai, Claude Code, Cursor, Perplexity, or another compatible client.
  • Network access to `https://mcp.slack.com/mcp` using JSON-RPC 2.0 over Streamable HTTP.
  • Slack app identity or partner-client path that satisfies Slack's MCP app requirements.
  • Agentgateway binary, container image, or source checkout from the upstream release/container/docs path.
  • At least one downstream MCP target, such as a stdio command, remote MCP server, SSE server, or Streamable HTTP server.
  • MCP client that can connect to the exposed Streamable HTTP or SSE route.
  • Auth, CORS, TLS, route, and policy configuration reviewed before shared or remote exposure.
  • Dreamlit workspace and project access for the notification workflows being managed.
  • MCP client that supports remote Streamable HTTP servers and Dreamlit OAuth, or a client path that can use Dreamlit personal access tokens.
  • Workspace decision on which scopes to grant, such as `workflows:read`, `workflows:write`, `workflows:publish`, and `analytics:read`.
  • Human review process for workflow tests, publishing, scheduling, and unpublishing actions.
  • Artidrop API key from https://artidrop.ai for authenticated list, update, and delete tools, or accept anonymous publish rate limits.
  • Claude Pro, Team, or Enterprise with Connectors support, or another MCP client with streamable HTTP transport.
  • Review of Artidrop visibility settings (public, unlisted, private) before publishing sensitive content.
  • Human review of generated HTML or Markdown before publishing externally shareable artifacts.
Install
claude mcp add --transport http slack https://mcp.slack.com/mcp
docker pull ghcr.io/agentgateway/agentgateway
codex mcp add dreamlit --url https://mcp.dreamlit.ai/mcp && codex mcp login dreamlit
claude mcp add --transport http artidrop https://artidrop.ai/mcp
Config
{
  "mcpServers": {
    "slack": {
      "url": "https://mcp.slack.com/mcp",
      "type": "http"
    }
  }
}
{
  "mcpServers": {
    "agentgateway": {
      "url": "LOCAL_AGENTGATEWAY_MCP_URL",
      "headers": {
        "Authorization": "Bearer AGENTGATEWAY_MCP_TOKEN"
      }
    }
  }
}
{
  "mcpServers": {
    "dreamlit": {
      "url": "https://mcp.dreamlit.ai/mcp",
      "type": "http"
    }
  }
}
{
  "mcpServers": {
    "artidrop": {
      "url": "https://artidrop.ai/mcp?key=sk_YOUR_KEY",
      "type": "http"
    }
  }
}
Citations
ClaimUnclaimedUnclaimedUnclaimedUnclaimed
Open 4 picks in the interactive comparison tool

Related guides

Signals

Loading live community signals…

More like this, weekly

A short, calm digest of reviewed Claude resources. Unsubscribe any time.