korotovsky/slack-mcp-server
Sensitive access patterns — review carefully.
AI review
The server explicitly documents and encourages 'stealth mode' using browser session tokens (xoxc/xoxd) extracted from localStorage and cookies, which violates Slack's ToS and poses a credential theft risk. The code also includes a hidden environment variable check (SLACK_MCP_DXT) that triggers child_process execution, suggesting potential for arbitrary command injection or telemetry exfiltration.
- high Stealth mode using browser session tokens — The documentation instructs users to extract xoxc- tokens from localStorage and xoxd cookies from the browser, then pass them as environment variables. This bypasses proper OAuth flows, violates Slack's terms of service, and could lead to account compromise if tokens are leaked or mishandled.
- high Hidden environment variable triggers child_process execution — In npm/slack-mcp-server/bin/index.js, the code checks for process.env.SLACK_MCP_DXT and then uses child_process. This is not documented in the README and could execute arbitrary commands or exfiltrate data when the variable is set, representing a potential backdoor or telemetry mechanism.
Model: deepseek-chat
Static findings
Outbound network · Makes outbound network requests
README.md:4
Model Context Protocol (MCP) server for Slack Workspaces. The most powerful MCP Slack server — supports Stdio, SSE and HTTP transports, proxy settings, DMs, Group DMs, Smart History fetch (by date or
manifest-dxt.json:7
"long_description": "Model Context Protocol (MCP) server for Slack Workspaces. The most powerful MCP Slack server — supports Stdio and SSE transports, proxy settings, DMs, Group DMs, Smart History fet
Shell / command execution · Executes shell / system commands
npm/slack-mcp-server/bin/index.js:5
const childProcess = require('child_process');
Environment variables (config / keys) · Reads environment variables (config / API keys)
npm/slack-mcp-server/bin/index.js:18
if (process.env.SLACK_MCP_DXT) {
MCPVet is a heuristic aid, not a security guarantee. A clean grade does not prove an extension is safe; always review code and instructions you don't trust.