grade D

10 days ago

glama

Slack Max API MCP

An MCP server that provides comprehensive access to the Slack Web API, enabling AI agents to search messages, manage channels, and create canvases. It features 13 core tools and over 300 dynamic methods for complete automation of Slack workspace operations.

→ JeongWoobin335/Slack-mcp · listed on glama

Install from

Glama

M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.

// key findings

⚠️

Known vulnerabilities in dependencies: 3 high

Affects packages this MCP installs at runtime. Upgrade or remove the affected dependency.

✅

No credential exfiltration, no sensitive file access, no obfuscation

Static analysis found nothing flowing your secrets to unexpected places.

🔐

You'll be asked for 9 credentials: SLACK_BOT_TOKEN, SLACK_CLIENT_SECRET, SLACK_GATEWAY_API_KEY, SLACK_GATEWAY_CLIENT_API_KEY, SLACK_GATEWAY_PUBLIC_ONBOARD_API_KEY, SLACK_GATEWAY_PUBLIC_ONBOARD_EXPOSE_API_KEY, SLACK_GATEWAY_SHARED_SECRET, SLACK_TOKEN, SLACK_USER_TOKEN

These are read from process.env at runtime. Make sure you trust where they’ll be sent.

// required environment variables

This server reads these from process.env. You'll be asked to provide them before it can run.

configSLACK_ALLOW_ENV_EXAMPLE_FALLBACK— 4. .env.example fallback if =true

configSLACK_API_BASE_URL

configSLACK_AUDIT_LOG_PATH— path> (default: ~/.slack-max-api-mcp/audit.log)

🔐 secretSLACK_BOT_TOKEN— setx "xoxb-..."

configSLACK_CATALOG_CONCURRENCY

configSLACK_CATALOG_PATH

configSLACK_CLIENT_CONFIG_PATH

configSLACK_CLIENT_ID— setx "YOUR_CLIENT_ID"

🔐 secretSLACK_CLIENT_SECRET— setx "YOUR_CLIENT_SECRET"

configSLACK_DEFAULT_TOKEN_TYPE

configSLACK_ENABLE_AUDIT_LOG— truefalse (default: true)

configSLACK_ENABLE_METHOD_TOOLS

configSLACK_GATEWAY_ALLOW_PUBLIC

🔐 secretSLACK_GATEWAY_API_KEY

🔐 secretSLACK_GATEWAY_CLIENT_API_KEY

configSLACK_GATEWAY_PROFILE

configSLACK_GATEWAY_PUBLIC_BASE_URL

configSLACK_GATEWAY_PUBLIC_ONBOARD

🔐 secretSLACK_GATEWAY_PUBLIC_ONBOARD_API_KEY

🔐 secretSLACK_GATEWAY_PUBLIC_ONBOARD_EXPOSE_API_KEY

configSLACK_GATEWAY_PUBLIC_ONBOARD_PROFILE_PREFIX

🔐 secretSLACK_GATEWAY_SHARED_SECRET

configSLACK_GATEWAY_SKIP_TLS_VERIFY

configSLACK_GATEWAY_STATE_TTL_MS

configSLACK_GATEWAY_URL

configSLACK_INSECURE_TLS

configSLACK_MAX_METHOD_TOOLS

configSLACK_METHOD_ALLOWLIST— chat.postMessage,conversations.history

configSLACK_METHOD_ALLOW_PREFIXES— chat.,conversations.

configSLACK_METHOD_DENYLIST— users.deletePhoto

configSLACK_METHOD_DENY_PREFIXES

configSLACK_METHOD_TOOL_PREFIX

configSLACK_OAUTH_BOT_SCOPES

configSLACK_OAUTH_CALLBACK_HOST

configSLACK_OAUTH_CALLBACK_PATH

configSLACK_OAUTH_CALLBACK_PORT

configSLACK_OAUTH_TEAM_ID

configSLACK_OAUTH_TIMEOUT_MS

configSLACK_OAUTH_USER_SCOPES

configSLACK_ONBOARD_CLAIM_TTL_MS

configSLACK_ONBOARD_POLL_INTERVAL_MS

configSLACK_ONBOARD_PUBLIC_BASE_URL— setx "https://onboard.example.com"

configSLACK_ONBOARD_SERVER_CALLBACK_PATH

configSLACK_ONBOARD_SERVER_HOST— setx "0.0.0.0"

configSLACK_ONBOARD_SERVER_PORT— setx "8790"

configSLACK_ONBOARD_SERVER_URL— Use --server (or ) only when overriding it.

configSLACK_ONBOARD_SKIP_TLS_VERIFY

configSLACK_ONBOARD_TIMEOUT_MS

configSLACK_OPERATIONS_CONFIG_PATH— Override path: =<path>

configSLACK_OPERATIONS_STATE_PATH— Override path: =<path>

configSLACK_PROFILE— 3. active OAuth profile from token store ( or default profile)

configSLACK_SMART_COMPAT_CORE_TOOLS

🔐 secretSLACK_TOKEN— 2. env tokens: SLACK_BOT_TOKEN / SLACK_USER_TOKEN /

configSLACK_TOKEN_STORE_PATH

configSLACK_TOOL_EXPOSURE_MODE— operationsdeveloperlegacy

🔐 secretSLACK_USER_TOKEN— setx "xoxp-..."

// full audit trail

The full breakdown of what we checked, the deductions that landed, the network hosts, the dependency advisories, and concrete fix guidance is available to verified publishers.

// improvement guidance — verified publishers only

We have 6 concrete improvements we can share with the publisher of this MCP. Each comes with specific guidance to raise the trust score.

// embed badge in your README

[![M8ven Score](https://m8ven.ai/badge/mcp/jeongwoobin335-slack-mcp-mty8u5)](https://m8ven.ai/mcp/jeongwoobin335-slack-mcp-mty8u5)

commit: a49046a5b9280b4a9f5fdfd6c896804180894346

code hash: 7624499ffa02579011be354adcce7c22528610dc6644657acd59471d9be523bb

verified: 4/11/2026, 2:56:54 PM

view raw JSON →