ICU
critical

slack-mcp-server

v1.1.28

Model Context Protocol (MCP) server for Slack Workspaces. This integration supports both Stdio and SSE transports, proxy settings and does not require any permissions or bots being created or approved by Workspace admins

npm | korotovsky | First seen Feb 22, 2026

Total: 21 | Critical: 12 | High: 5 | Medium: 4

Findings

unknown
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    166: 
    167: - Never share API tokens
>>> 168: - Keep .env files secure and private
    169: 
    170: ## License
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    16: function resolveBinaryPath() {
    17:     // If DXT installation then we fix empty variables, it's a DXT bug.
>>> 18:     if (process.env.SLACK_MCP_DXT) {
    19:         if (process.env.SLACK_MCP_XOXC_TOKEN === '${user_config.xoxc_token}') {
    20:             process.env.SLACK_MCP_XOXC_TOKEN = '';
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    17:     // If DXT installation then we fix empty variables, it's a DXT bug.
    18:     if (process.env.SLACK_MCP_DXT) {
>>> 19:         if (process.env.SLACK_MCP_XOXC_TOKEN === '${user_config.xoxc_token}') {
    20:             process.env.SLACK_MCP_XOXC_TOKEN = '';
    21:         }
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    18:     if (process.env.SLACK_MCP_DXT) {
    19:         if (process.env.SLACK_MCP_XOXC_TOKEN === '${user_config.xoxc_token}') {
>>> 20:             process.env.SLACK_MCP_XOXC_TOKEN = '';
    21:         }
    22:         if (process.env.SLACK_MCP_XOXD_TOKEN === '${user_config.xoxd_token}') {
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    20:             process.env.SLACK_MCP_XOXC_TOKEN = '';
    21:         }
>>> 22:         if (process.env.SLACK_MCP_XOXD_TOKEN === '${user_config.xoxd_token}') {
    23:             process.env.SLACK_MCP_XOXD_TOKEN = '';
    24:         }
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    21:         }
    22:         if (process.env.SLACK_MCP_XOXD_TOKEN === '${user_config.xoxd_token}') {
>>> 23:             process.env.SLACK_MCP_XOXD_TOKEN = '';
    24:         }
    25:         if (process.env.SLACK_MCP_XOXP_TOKEN === '${user_config.xoxp_token}') {
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    23:             process.env.SLACK_MCP_XOXD_TOKEN = '';
    24:         }
>>> 25:         if (process.env.SLACK_MCP_XOXP_TOKEN === '${user_config.xoxp_token}') {
    26:             process.env.SLACK_MCP_XOXP_TOKEN = '';
    27:         }
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    24:         }
    25:         if (process.env.SLACK_MCP_XOXP_TOKEN === '${user_config.xoxp_token}') {
>>> 26:             process.env.SLACK_MCP_XOXP_TOKEN = '';
    27:         }
    28:         if (process.env.SLACK_MCP_ADD_MESSAGE_TOOL === '${user_config.add_message_tool}') {
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    26:             process.env.SLACK_MCP_XOXP_TOKEN = '';
    27:         }
>>> 28:         if (process.env.SLACK_MCP_ADD_MESSAGE_TOOL === '${user_config.add_message_tool}') {
    29:             process.env.SLACK_MCP_ADD_MESSAGE_TOOL = '';
    30:         }
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    27:         }
    28:         if (process.env.SLACK_MCP_ADD_MESSAGE_TOOL === '${user_config.add_message_tool}') {
>>> 29:             process.env.SLACK_MCP_ADD_MESSAGE_TOOL = '';
    30:         }
    31:     }
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    37:     }
    38: 
>>> 39:     if (process.env.SLACK_MCP_DXT) {
    40:         return require.resolve(path.join(__dirname, `${binary.name}${binary.suffix}`));
    41:     } else {
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    47: 
    48: // Workaround for https://github.com/anthropics/dxt/issues/13
>>> 49: if (process.env.SLACK_MCP_DXT) {
    50:     const stats = fs.statSync(binPath);
    51:     const execMask = fs.constants.S_IXUSR
high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: r��j{a��br�����˞��w

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: r����趋�/앧$

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: ��z�?���ȩj{l

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: �������� ��j�^�g)

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | SC-005 | Suspicious Commands | Medium Confidence | Line 0

Node.js child process spawning

Detected by automated pattern matching (rule SC-005) with medium confidence. May be a false positive.

    3: const fs = require('fs');
    4: const path = require('path');
>>> 5: const childProcess = require('child_process');
    6: 
    7: const BINARY_MAP = {
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    2: [![Trust Score](https://archestra.ai/mcp-catalog/api/badge/quality/korotovsky/slack-mcp-server)](https://archestra.ai/mcp-catalog/korotovsky__slack-mcp-server)
    3: 
>>> 4: Model Context Protocol (MCP) server for Slack Workspaces. The most powerful MCP Slack server — supports Stdio, SSE and HTTP transports, proxy settings, DMs, Group DMs, Smart History fetch (by date or count), may work via OAuth or in complete stealth mode with no permissions and scopes in Workspace 😏.
    5: 
    6: > [!IMPORTANT]  
medium | EN-001 | unknown | Medium Confidence | Line 0

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

medium | EN-001 | unknown | Medium Confidence | Line 0

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

medium | EN-001 | unknown | Medium Confidence | Line 0

High-entropy string (5.0 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.


Scan History

Date | Risk | Findings
Feb 25, 2026 | critical | 21
Feb 23, 2026 | critical | 21
Feb 22, 2026 | critical | 21