ICUICU
critical

@zencoderai/slack-mcp-server

v0.0.1

MCP server for interacting with Slack

npm | zencoderai | First seen Feb 22, 2026

50

Total

15

Critical

24

High

11

Medium

Findings

unknown
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

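Detected by automated pattern matching (rule DE-002) with medium confidence; the badge above reads High Confidence, so the two confidence labels disagree. May be a false positive: the flagged line deletes an environment variable inside a jest test case, and the excerpt shows neither a file read nor data leaving the process.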

    90:     });
    91:     test('getChannels with API call', async () => {
>>> 92:         delete process.env.SLACK_CHANNEL_IDS;
    93:         const mockResponse = {
    94:             ok: true,
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    65:     });
    66:     test('getChannels with predefined IDs', async () => {
>>> 67:         process.env.SLACK_CHANNEL_IDS = 'C123456,C789012';
    68:         mockFetch
    69:             .mockResolvedValueOnce({
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    44: });
    45: afterEach(() => {
>>> 46:     process.env = originalEnv;
    47:     process.argv = originalArgv;
    48:     jest.clearAllMocks();
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    36: beforeEach(() => {
    37:     jest.resetModules();
>>> 38:     process.env = {
    39:         ...originalEnv,
    40:         SLACK_BOT_TOKEN: 'xoxb-test-token',
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    31:     return mockExpress;
    32: });
>>> 33: // Mock process.env
    34: const originalEnv = process.env;
    35: const originalArgv = process.argv;
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

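Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive: the flagged line copies SLACK_TEAM_ID, a workspace identifier rather than a credential, into a URL query string; whether that matters depends on the request destination, which this excerpt does not show.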

    103:         const params = new URLSearchParams({
    104:             limit: Math.min(limit, 200).toString(),
>>> 105:             team_id: process.env.SLACK_TEAM_ID,
    106:         });
    107:         if (cursor) {
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    32: });
    33: // Mock process.env
>>> 34: const originalEnv = process.env;
    35: const originalArgv = process.argv;
    36: beforeEach(() => {
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    23:                 exclude_archived: "true",
    24:                 limit: Math.min(limit, 200).toString(),
>>> 25:                 team_id: process.env.SLACK_TEAM_ID,
    26:             });
    27:             if (cursor) {
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    17:     }
    18:     async getChannels(limit = 100, cursor) {
>>> 19:         const predefinedChannelIds = process.env.SLACK_CHANNEL_IDS;
    20:         if (!predefinedChannelIds) {
    21:             const params = new URLSearchParams({
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

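Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive: the flagged line reads the Slack bot token from the environment, the usual way to hand a credential to a server process; what decides the risk is where botToken is passed afterwards, which this excerpt does not show.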

    418: export async function main() {
    419:     const { transport, port, authToken } = parseArgs();
>>> 420:     const botToken = process.env.SLACK_BOT_TOKEN;
    421:     const teamId = process.env.SLACK_TEAM_ID;
    422:     if (!botToken || !teamId) {
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    478:     // Don't run if we're in a test environment (jest)
    479:     const isTestEnvironment = process.argv.some(arg => arg.includes('jest')) ||
>>> 480:         process.env.NODE_ENV === 'test' ||
    481:         process.argv[1]?.includes('jest');
    482:     const isMainModule = !isTestEnvironment && (currentFile === executedFile ||
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

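Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive: the flagged line picks the HTTP transport's auth token from the command line or AUTH_TOKEN, and the following lines fall back to randomUUID() when neither is set. The points to verify are how the generated token is disclosed to the operator and how incoming tokens are compared, neither of which is visible in this excerpt.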

    455:     else if (transport === 'http') {
    456:         // Use auth token from command line, environment variable, or generate random
>>> 457:         let finalAuthToken = authToken || process.env.AUTH_TOKEN;
    458:         if (!finalAuthToken) {
    459:             finalAuthToken = randomUUID();
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    419:     const { transport, port, authToken } = parseArgs();
    420:     const botToken = process.env.SLACK_BOT_TOKEN;
>>> 421:     const teamId = process.env.SLACK_TEAM_ID;
    422:     if (!botToken || !teamId) {
    423:         console.error("Please set SLACK_BOT_TOKEN and SLACK_TEAM_ID environment variables");
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    362:     test('main with missing env vars', async () => {
    363:         delete process.env.SLACK_BOT_TOKEN;
>>> 364:         delete process.env.SLACK_TEAM_ID;
    365:         const { main } = await import('../index.js');
    366:         const mockExit = jest.spyOn(process, 'exit').mockImplementation(() => {
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    361: describe('main', () => {
    362:     test('main with missing env vars', async () => {
>>> 363:         delete process.env.SLACK_BOT_TOKEN;
    364:         delete process.env.SLACK_TEAM_ID;
    365:         const { main } = await import('../index.js');
high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: J�b�'���ӭ�즊�

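Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive: the decoded bytes are not readable text, which is what results when a string that merely fits the base64 alphabet is decoded, and the finding gives no file, line or source excerpt to check it against. The same holds for the other DO-BAS findings on this page, several of which repeat an identical decoded value.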

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: ���y��yСjyޔ�l

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: ���y��yСjyޔ�l

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: ���y��yСjyޔ�l

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: J�b�'���ӭ�즊�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: �{�Ȩ�)�&��7�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: ��ݕ䞲Ȩ����-

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: ��ݕ䞲Ȩ����-

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: ��ݕ䞲Ȩ����-

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: J�b�'���ӭ�즊�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: ��ڽ�^zp��W�Z+a

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: ��ڽ�^zp��W�Z+a

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: ��ڽ�^zp��W�Z+a

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: ��ڽ�^zp��W�Z+a

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: ��ڽ�^zp��W�Z+a

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: ��ڽ�^zp��W�Z+a

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: ��ڽ�^zp��W�Z+a

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: ��ڽ�^zp��W�Z+a

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: ��ڽ�^zp��W�Z+a

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: ��ڽ�^zp��W�Z+a

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: ��ڽ�^zp��W�Z+a

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: ��ڽ�^zp��W�Z+a

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: ��ڽ�^zp��W�Z+a

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: ��ڽ�^zp��W�Z+a

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

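Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive: the request goes to a hard-coded https://slack.com/api/ endpoint, which is expected of a Slack client, and in this excerpt this.botHeaders is sent only to that host. The other NS-003 excerpts on this page show the same fixed host.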

    118:             include_labels: "true",
    119:         });
>>> 120:         const response = await fetch(`https://slack.com/api/users.profile.get?${params}`, { headers: this.botHeaders });
    121:         return response.json();
    122:     }
medium | EN-001 | unknown | Medium Confidence | Line 0

High-entropy string (4.6 bits/char) — possible encoded payload

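Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive: the finding gives no file, line or source excerpt, so the string that triggered the entropy rule cannot be inspected from this page.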

medium | EN-001 | unknown | Medium Confidence | Line 0

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    28:                 params.append("cursor", cursor);
    29:             }
>>> 30:             const response = await fetch(`https://slack.com/api/conversations.list?${params}`, { headers: this.botHeaders });
    31:             return response.json();
    32:         }
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    37:                 channel: channelId,
    38:             });
>>> 39:             const response = await fetch(`https://slack.com/api/conversations.info?${params}`, { headers: this.botHeaders });
    40:             const data = await response.json();
    41:             if (data.ok && data.channel && !data.channel.is_archived) {
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    50:     }
    51:     async postMessage(channel_id, text) {
>>> 52:         const response = await fetch("https://slack.com/api/chat.postMessage", {
    53:             method: "POST",
    54:             headers: this.botHeaders,
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    61:     }
    62:     async postReply(channel_id, thread_ts, text) {
>>> 63:         const response = await fetch("https://slack.com/api/chat.postMessage", {
    64:             method: "POST",
    65:             headers: this.botHeaders,
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    73:     }
    74:     async addReaction(channel_id, timestamp, reaction) {
>>> 75:         const response = await fetch("https://slack.com/api/reactions.add", {
    76:             method: "POST",
    77:             headers: this.botHeaders,
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    89:             limit: limit.toString(),
    90:         });
>>> 91:         const response = await fetch(`https://slack.com/api/conversations.history?${params}`, { headers: this.botHeaders });
    92:         return response.json();
    93:     }
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    97:             ts: thread_ts,
    98:         });
>>> 99:         const response = await fetch(`https://slack.com/api/conversations.replies?${params}`, { headers: this.botHeaders });
    100:         return response.json();
    101:     }
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    108:             params.append("cursor", cursor);
    109:         }
>>> 110:         const response = await fetch(`https://slack.com/api/users.list?${params}`, {
    111:             headers: this.botHeaders,
    112:         });

Scan History

Date | Risk | Findings
Feb 25, 2026 | critical | 50
Feb 23, 2026 | critical | 50
Feb 22, 2026 | critical | 50