Slack MCP | OAuth Slack connector for AI agents

CALL ANY TOOL

Read channels, send messages, look up members, and upload files. Same toolkit, every framework, no auth plumbing to maintain.

slack_channels_list

List channels

List all channels in the workspace with optional filters for type and archived status. Returns channel ID, name, topic, purpose, and member count.

Parameters

Name

Type

Required

Description

types

string

Optional

Comma-separated channel types: public_channel, private_channel, im, mpim

exclude_archived

boolean

Optional

Exclude archived channels from results

limit

integer

Optional

Max channels to return (default 100)

slack_channel_history

Get channel messages

slack_messages_send

Send message

slack_thread_replies

Get thread replies

slack_users_list

List users

slack_users_lookup

Look up user

slack_files_upload

Upload file

Build your Agent

Drop the toolkit in, point it at the user, and your agent can read Slack messages, send replies, and look up team members from the first run.

import { ScalekitClient } from "@scalekit-sdk/node";
import { DynamicStructuredTool } from "@langchain/core/tools";
import { createReactAgent } from "@langchain/langgraph/prebuilt";
import { z } from "zod";

const sk = new ScalekitClient(envUrl, clientId, clientSecret);

const { tools } = await sk.tools.listScopedTools("user_123", {
  filter: { connectionNames: ["slack"], toolNames: ["slack_channels_list", "slack_channel_history", "slack_messages_send"] },
  pageSize: 100,
});

const lcTools = tools.map((t) => new DynamicStructuredTool({
  name: t.tool.definition.name,
  description: t.tool.definition.description,
  schema: z.object({}).passthrough(),
  func: async (args) => {
    const { data } = await sk.tools.executeTool({
      toolName: t.tool.definition.name,
      identifier: "user_123",
      params: args,
    });
    return JSON.stringify(data);
  },
}));

const agent = createReactAgent({ llm, tools: lcTools });

import { ScalekitClient } from "@scalekit-sdk/node";
import OpenAI from "openai";

const sk = new ScalekitClient(envUrl, clientId, clientSecret);
const openai = new OpenAI();

const { tools } = await sk.tools.listScopedTools("user_123", {
  filter: { connectionNames: ["slack"], toolNames: ["slack_channels_list", "slack_channel_history", "slack_messages_send"] },
  pageSize: 100,
});

// shape tools as OpenAI function definitions
const llmTools = tools.map((t) => ({
  type: "function" as const,
  function: {
    name: t.tool.definition.name,
    description: t.tool.definition.description,
    parameters: t.tool.definition.input_schema,
  },
}));

const resp = await openai.responses.create({
  model: "gpt-4o", input: prompt, tools: llmTools,
});

import { ScalekitClient } from "@scalekit-sdk/node";
import Anthropic from "@anthropic-ai/sdk";

const sk = new ScalekitClient(envUrl, clientId, clientSecret);
const anthropic = new Anthropic();

const { tools } = await sk.tools.listScopedTools("user_123", {
  filter: { connectionNames: ["slack"], toolNames: ["slack_channels_list", "slack_channel_history", "slack_messages_send"] },
  pageSize: 100,
});

const llmTools = tools.map((t) => ({
  name: t.tool.definition.name,
  description: t.tool.definition.description,
  input_schema: t.tool.definition.input_schema,
}));

const msg = await anthropic.messages.create({
  model: "claude-sonnet-4-6", max_tokens: 1024,
  tools: llmTools,
  messages: [{ role: "user", content: prompt }],
});

import { Agent } from "@google/adk/agents";
import {
  MCPToolset, StreamableHTTPConnectionParams,
} from "@google/adk/tools/mcp";

const toolset = new MCPToolset({
  connectionParams: new StreamableHTTPConnectionParams({
    url: "https://mcp.scalekit.com/slack",
    headers: { Authorization: `Bearer ${userScopedToken}` },
  }),
});

const agent = new Agent({
  name: "agent", model: "gemini-2.0-flash",
  tools: await toolset.getTools(),
});

Try these prompts

These are the questions teams ask Slack every day. Copy any prompt, paste into your agent, watch it route to the right channel with the member's scope.

Search & recall

Copy the prompt

Copied

What was decided in #engineering this week?

Copy the prompt

Copied

What did [person] say about [topic] in [channel]?

Copy the prompt

Copied

Find all messages mentioning [keyword] in #general.

Copy the prompt

Copied

What threads are unresolved in #customer-support?

Action & outreach

Copy the prompt

Copied

Send a message to #announcements: [message text].

Copy the prompt

Copied

Post a follow-up to the thread in #sales from yesterday.

Copy the prompt

Copied

DM [user] with these meeting notes.

Copy the prompt

Copied

Upload this summary to #weekly-updates.

Team & context

Copy the prompt

Copied

Who is on the #design team?

Copy the prompt

Copied

List all active channels in this workspace.

Copy the prompt

Copied

What was the last message from [person] in #general?

Copy the prompt

Copied

Find [user] by their email address.

SEE HOW AUTH WORKS

Your users authorize Slack once. Their workspace credentials stay vaulted, every call is checked, and every action is logged.

1

Authorize

Your user connects

Slack

once. We tie it to their identity and the meetings they approved — no shared bot account, no org-wide access

Who:

user ‘A’

when:

Once per user

access:

Limited to user

2

Store

Their

Slack

token lives in a vault scoped to them. User A's meetings are never reachable by an agent acting for user B, even on the same connection

vault:

encrypted

scope:

per-user

tokens:

auto-refreshed

3

Resolve

When your agent calls a

Slack

tool, we fetch the right token server-side. It never touches your agent, never appears in the LLM context, never shows up in your logs

speed:

~40ms

check:

before every call

seen by:

nobody

4

Audit

Every

Slack

tool call is logged — who triggered it, which meeting was fetched, what came back. 90 days of history, tied to the user who authorized it

history:

90 days

export:

SIEM-ready

logged:

every call

Test other agents

Same per-user auth pattern across other messaging agents and MCP connectors. Working code, live demos, fork what fits.

ENGINEERING

Slack workflow agent (LangGraph)

LangGraph agent that drives multi-step Slack workflows: triggers, approvals, and follow-up actions per user identity.

Slack

View agent

ENGINEERING

DevOps assistant agent

Triage GitHub incidents, open Linear tickets, and notify the on-call channel in Slack with context already attached.

SUPPORT

Support triage agent

Read Zendesk tickets, fetch runbooks from Notion, and route to the right Slack channel with a drafted response.

SALES

Deal intelligence agent

Combine Gong, Attio, and Slack signals to surface deal risks and next-best actions. Updated after every call.

Why Scalekit

Secure your agent's access. Connectors ship in minutes

Other connector libraries treat auth as a demo afterthought. Scalekit starts with member identity, scope enforcement, and audit so production deploys hold up.

01.

Messages posted from the wrong identity

A shared Slack bot token looks fine in a demo. In production, every message the agent posts appears as the bot, not the user who triggered it. Channel attribution breaks. DM replies come from the wrong identity. Scalekit resolves the actual user's token, so messages come from the right person.

// shared bot token
token = "sk_slack_shared_xxx"
audit → bot_service_account
user_filter → broken

// scalekit · per-user
token = resolve(user_id)
audit → user_abc
scope → enforced ✓

02.

Authentication is not authorization

03.

Multi-tenancy is architectural

04.

Slack today. Gmail, Outlook, Teams tomorrow.

“Our agents act across Salesforce, Gong, Google Drive, and more, on behalf of every customer. Scalekit behind the scenes meant we can keep adding tools without ever rebuilding how credentials or tool calling work.”

Venu Madhav Kattagoni

Head of Engineering / Von

FAQs

Frequently Asked Questions

Does the agent access Slack as the user or as a shared key?

As the user. Each workspace member authorizes once and Scalekit resolves their credential at request time. Audit logs attribute every action to that user, not a shared service account.

Where is the Slack oauth 2.0 stored?

In Scalekit's managed AES-256 token vault, namespaced per tenant. Refresh is automatic. Revocation is a single dashboard action. Tokens never appear in prompts, logs, or LLM context.

Can I limit what the agent is allowed to do in Slack?

Yes. Pass a tool name filter to listScopedTools so the messaging agent only sees the subset you authorize. Pre-API-call scope checks block out-of-policy actions before the request reaches Slack.

What happens when a user revokes Slack access?

The connection is invalidated on the next tool call. Subsequent requests for that user fail closed with a clear error. Other users in the tenant remain unaffected. The event is logged for audit.

Can the agent post to private channels?

Only if the authorizing user is a member of that channel. Scalekit resolves the user's Slack credential, so private channel posts inherit the user's actual access. No bot membership trick needed.

Slack

Tools your messaging agent reaches for on Slack, scoped per user.