claude-code-slack-channel
mcp
Basarisiz
Health Uyari
- License — License: MIT
- Description — Repository has a description
- Active repo — Last push 0 days ago
- Low visibility — Only 8 GitHub stars
Code Basarisiz
- exec() — Shell command execution in server.ts
- process.env — Environment variable access in server.ts
- network request — Outbound network request in server.ts
Permissions Gecti
- Permissions — No dangerous permissions requested
Purpose
This MCP server acts as a two-way bridge, allowing you to chat with your local Claude Code session directly from Slack DMs and channels using WebSockets.
Security Assessment
Overall Risk: High. The tool requires your Slack Bot and App-Level tokens to function (environment variables), meaning it handles sensitive authentication credentials. It also executes shell commands (`server.ts`) and makes outbound network requests via WebSocket to connect to Slack's Socket Mode. While the connection is outbound (meaning no public inbound URL is required, which is a plus), the ability to execute shell commands locally poses a significant risk if the Slack bot is misconfigured or compromised by a malicious user in your workspace. No hardcoded secrets were found, but you must provide your own tokens during setup.
Quality Assessment
The project is very new and has low community visibility (8 GitHub stars), so it has not been broadly battle-tested by the open-source community. However, basic maintenance indicators are positive: the repository is active (last pushed 0 days ago), has a clear description, includes CI testing, and uses the standard permissive MIT license.
Verdict
Use with caution: it is an active, MIT-licensed project, but the combination of low community review, shell execution capabilities, and access to sensitive Slack tokens requires strict workspace access controls before deployment.
This MCP server acts as a two-way bridge, allowing you to chat with your local Claude Code session directly from Slack DMs and channels using WebSockets.
Security Assessment
Overall Risk: High. The tool requires your Slack Bot and App-Level tokens to function (environment variables), meaning it handles sensitive authentication credentials. It also executes shell commands (`server.ts`) and makes outbound network requests via WebSocket to connect to Slack's Socket Mode. While the connection is outbound (meaning no public inbound URL is required, which is a plus), the ability to execute shell commands locally poses a significant risk if the Slack bot is misconfigured or compromised by a malicious user in your workspace. No hardcoded secrets were found, but you must provide your own tokens during setup.
Quality Assessment
The project is very new and has low community visibility (8 GitHub stars), so it has not been broadly battle-tested by the open-source community. However, basic maintenance indicators are positive: the repository is active (last pushed 0 days ago), has a clear description, includes CI testing, and uses the standard permissive MIT license.
Verdict
Use with caution: it is an active, MIT-licensed project, but the combination of low community review, shell execution capabilities, and access to sensitive Slack tokens requires strict workspace access controls before deployment.
Slack channel for Claude Code — two-way chat via Socket Mode + MCP. First claude/channel implementation for Slack.
README.md
Slack Channel for the Claude Code
Two-way Slack ↔ Claude Code bridge. Chat with Claude from Slack DMs and channels, just like you'd chat in the terminal.
Research Preview — Channels require Claude Code v2.1.80+ and
claude.ailogin.
How It Works
Slack workspace (cloud)
↕ WebSocket (Socket Mode — outbound only, no public URL)
server.ts (local MCP server, spawned by Claude Code)
↕ stdio (MCP transport)
Claude Code session
Socket Mode means no public URL needed — works behind firewalls, NAT, anywhere.
Quick Start
1. Create a Slack App
- Go to api.slack.com/apps → Create New App → From scratch
- Socket Mode: Settings → Socket Mode → Enable → Generate App-Level Token (
xapp-...) withconnections:writescope - Event Subscriptions: Enable → Subscribe to bot events:
message.im— DMsmessage.channels— public channelsmessage.groups— private channelsapp_mention— @ mentions
- Bot Token Scopes (OAuth & Permissions):
chat:write— send messageschannels:history— read public channelsgroups:history— read private channelsim:history— read DMsreactions:write— add reactionsfiles:read— download shared filesfiles:write— upload filesusers:read— resolve display names
- Install to Workspace → Copy Bot Token (
xoxb-...)
2. Configure Tokens
/slack-channel:configure xoxb-your-bot-token xapp-your-app-token
3. Run
Pick your runtime:
Option A: Bun (recommended)
cd slack && bun install
# Current (claude-code-plugins marketplace):
claude --channels plugin:slack-channel@claude-code-plugins
# Future (after upstream approval):
# claude --channels plugin:slack-channel@claude-plugins-official
Option B: Node.js / npx
cd slack && npm install
# In .mcp.json, change command to: "npx", args: ["tsx", "server.ts"]
claude --channels plugin:slack-channel@claude-code-plugins
Option C: Docker
cd slack && docker build -t claude-slack-channel .
# In .mcp.json, change command to: "docker", args: ["run", "--rm", "-i", "-v", "~/.claude/channels/slack:/state", "claude-slack-channel"]
claude --channels plugin:slack-channel@claude-code-plugins
4. Pair Your Account
- DM the bot in Slack — you'll get a 6-character pairing code
- In your terminal:
/slack-channel:access pair <code> - You're connected. Chat away.
Access Control
See ACCESS.md for the full schema.
/slack-channel:access policy allowlist # Only pre-approved users
/slack-channel:access add U12345678 # Add a user
/slack-channel:access remove U12345678 # Remove a user
/slack-channel:access channel C12345678 # Opt in a channel
/slack-channel:access channel C12345678 --mention # Require @mention
/slack-channel:access status # Show current config
Security
- Sender gating: Every inbound message hits a gate. Ungated messages are silently dropped before reaching Claude.
- Outbound gate: Replies only work to channels that passed the inbound gate.
- File exfiltration guard: Cannot send
.env,access.json, or other state files through the reply tool. - Prompt injection defense: System instructions explicitly tell Claude to refuse pairing/access requests from Slack messages.
- Bot filtering: All
bot_idmessages are dropped (prevents bot-to-bot loops). - Link unfurling disabled: All outbound messages set
unfurl_links: false, unfurl_media: false. - Token security:
.envischmod 0o600, never logged, never in tool results. - Static mode: Set
SLACK_ACCESS_MODE=staticto freeze access at boot (no runtime mutation).
Development
# Dev mode (bypasses plugin allowlist):
claude --dangerously-load-development-channels server:slack
One-Pager & System Analysis
Full project one-pager and operator-grade system analysis
License
MIT
Yorumlar (0)
Yorum birakmak icin giris yap.
Yorum birakSonuc bulunamadi