slack-mcp-server — Slack MCP with Stealth/OAuth

Main

• Start read-only: keep message posting and “mark as read” disabled until you have clear internal policy and channel allowlists.

• Use smart history fetch to keep context tight: fetch by date/count and paginate when you need deeper context.

• Pick an auth mode that matches your environment: OAuth tokens (xoxp/xoxb) vs browser session (xoxc/xoxd) tradeoffs are documented in README.

• Add it to your MCP client config once, then standardize tool naming + allowlists so agents don’t spam Slack by accident.

Source-backed notes

• README lists supported transports (stdio/SSE/HTTP) and multiple auth approaches (OAuth tokens and browser session tokens).
• Docs show npx -y slack-mcp-server@latest --transport stdio examples for Claude Desktop configuration.
• README notes write tools (posting / marking as read) are disabled by default and enabled via environment variables.

FAQ

• Is message posting enabled by default?: No — README says posting tools are disabled by default and must be enabled explicitly.
• Which token should I use?: Docs show XOXP (user), XOXB (bot), or XOXC/XOXD (browser session) options; choose based on access needs.
• Can I run it without editing config files?: Docs mention DXT/installer options for desktop clients; npx is the fastest manual path.