korotovsky/slack-mcp-server
Sensitive access patterns — review carefully.
AI review
The extension explicitly documents and encourages 'stealth mode' operation using browser session tokens (xoxc/xoxd) extracted from localStorage and cookies, which violates Slack's ToS and poses a significant credential exposure risk. The README also contains a suspicious 'manifest-dxt.json' reference and code that checks for an environment variable 'SLACK_MCP_DXT' which may enable hidden functionality.
- high: Stealth mode using browser session tokens — The authentication setup guide instructs users to extract xoxc- tokens from browser localStorage and xoxd cookies, which are session tokens not intended for third-party use. This 'stealth mode' bypasses proper OAuth flows and could lead to account compromise if tokens are leaked or misused.
- medium: Suspicious environment variable and manifest reference — The code checks for process.env.SLACK_MCP_DXT, and a file 'manifest-dxt.json' exists with a long_description. The purpose of this hidden flag is undocumented, suggesting possible undisclosed functionality or telemetry that could exfiltrate data.
- medium: Child process execution without clear purpose — The binary index.js requires 'child_process' but the README does not explain why. This could be used to execute arbitrary commands, potentially for data exfiltration or system manipulation.
Model: deepseek-chat
Static findings
Outbound network · Makes outbound network requests
README.md:4
Model Context Protocol (MCP) server for Slack Workspaces. The most powerful MCP Slack server — supports Stdio, SSE and HTTP transports, proxy settings, DMs, Group DMs, Smart History fetch (by date or
manifest-dxt.json:7
"long_description": "Model Context Protocol (MCP) server for Slack Workspaces. The most powerful MCP Slack server — supports Stdio and SSE transports, proxy settings, DMs, Group DMs, Smart History fet
Shell / command execution · Executes shell / system commands
npm/slack-mcp-server/bin/index.js:5
const childProcess = require('child_process');
Environment variables (config / keys) · Reads environment variables (config / API keys)
npm/slack-mcp-server/bin/index.js:18
if (process.env.SLACK_MCP_DXT) {
MCPVet is a heuristic aid, not a security guarantee. A clean grade does not prove an extension is safe; always review code and instructions you don't trust.