High
github · 69 files analyzed
korotovsky/slack-mcp-server
Sensitive access patterns — review carefully.
- Outbound network: 2
- Environment variables (config / keys): 1
- Shell / command execution: 1
AI review
The server explicitly documents and encourages extracting Slack session tokens (xoxc, xoxd) from browser localStorage and cookies, which is a security anti-pattern that bypasses proper OAuth flows and can lead to account compromise. Additionally, the README promotes a 'stealth mode' that operates without permissions, which could be used to exfiltrate data without user awareness.
- high Browser session token extraction instructions — The authentication setup guide provides detailed steps to extract xoxc and xoxd tokens from browser localStorage and cookies via developer console. This encourages users to expose highly sensitive, long-lived session tokens that can grant full access to the Slack workspace without proper scoping or revocation controls.
- high Stealth mode with no permissions — The README advertises a 'stealth mode' that operates 'with no permissions and scopes in Workspace'. This could allow the server to access Slack data without the user's informed consent or workspace governance, enabling covert data exfiltration or unauthorized actions.
Model: deepseek-chat
Static findings
Outbound network · Makes outbound network requests
- info — README.md:4
  Model Context Protocol (MCP) server for Slack Workspaces. The most powerful MCP Slack server — supports Stdio, SSE and HTTP transports, proxy settings, DMs, Group DMs, Smart History fetch (by date or
- low — manifest-dxt.json:7
  "long_description": "Model Context Protocol (MCP) server for Slack Workspaces. The most powerful MCP Slack server — supports Stdio and SSE transports, proxy settings, DMs, Group DMs, Smart History fet

Shell / command execution · Executes shell / system commands
- medium — npm/slack-mcp-server/bin/index.js:5
  const childProcess = require('child_process');

Environment variables (config / keys) · Reads environment variables (config / API keys)
- low — npm/slack-mcp-server/bin/index.js:18
  if (process.env.SLACK_MCP_DXT) {
MCPVet is a heuristic aid, not a security guarantee. A clean grade does not prove an extension is safe; always review code and instructions you don't trust.