Slack Max API MCP

38 tools. 18 can modify or destroy data without limits.

1 destructive tool with no built-in limits. Policy required.

Last updated:

18 can modify or destroy data
20 read-only
38 tools total

Community server · catalogue entry verified 03/07/2026

How to control Slack Max API MCP ↓

What Slack Max API MCP exposes to your agents

Read (20) Write / Execute (17) Destructive / Financial (1)
Critical Risk

The most dangerous Slack Max API MCP tools

18 of Slack Max API MCP's 38 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

How to control Slack Max API MCP

PolicyLayer is an MCP gateway — it sits between your AI agents and Slack Max API MCP, and nothing reaches the server without passing your rules. These are the rules we recommend:

Deny destructive operations
{
  "ops_access_revoke": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "create_canvas": {
    "limits": [
      {
        "counter": "create_canvas_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "gateway_info": {
    "limits": [
      {
        "counter": "gateway_info_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register Slack Max API MCP — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON SLACK MAX API →

Instant setup, no code required.

All 38 Slack Max API MCP tools

READ 20 tools
Read gateway_info Return gateway exposure mode and lightweight tool registration summary. Read gateway_load Load only the method references you need. Supports exact method lookup or query search. Read ops_access_policy_info Show access-control profiles, effective rules, pending elevation requests, and active grants. Read ops_audit_log_read Read recent local audit log entries for governance and troubleshooting. Read ops_channel_snapshot Operational snapshot for a channel: activity volume, participants, threads, reactions, and recent samples. Read ops_explain_error Explain a recorded failure in human-readable form using the latest diagnostics snapshot. Read ops_playbook_list List built-in operations playbooks that can run multi-step Slack workflows. Read ops_policy_info Show operational guardrails for this MCP (method policy and local audit settings). Read ops_recent_failures List recent tool, Slack API, or access-control failures from local diagnostics state. Read ops_sla_breach_scan Scan multiple channels for threads that exceed an SLA threshold without external replies. Read ops_state_overview Inspect local operations state for incidents, digests, broadcasts, followups, and playbook runs. Read ops_unanswered_threads Find unanswered or stale question-like threads in a channel for follow-up operations. Read read_canvas Read canvas content using canvases.sections.lookup. Pass Slack params in Read read_channel Read channel history with conversations.history. Read read_thread Read a thread using conversations.replies. Read read_user_profile Read user info/profile using users.info plus users.profile.get (best effort). Read search_channels Find channels by partial match on name/topic/purpose using conversations.list and local filtering. Read search_messages_files Search messages and files. Uses search.messages and search.files and returns both. Read search_users Find users by partial match on id/name/display_name/email using users.list and local filtering. Read slack_method_tools_info Return summary for catalog-driven method tools currently loaded.

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

Questions about Slack Max API MCP

Can an AI agent delete data through the Slack Max API MCP server? +

Yes. The Slack Max API MCP server exposes 1 destructive tools including ops_access_revoke. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through Slack Max API MCP? +

The Slack Max API MCP server has 13 write tools including create_canvas, gateway_plan, ops_access_approve. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach Slack Max API MCP.

How many tools does the Slack Max API MCP server expose? +

38 tools across 4 categories: Destructive, Execute, Read, Write. 20 are read-only. 18 can modify, create, or delete data.

How do I enforce a policy on Slack Max API MCP? +

Register the Slack Max API MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every Slack Max API MCP tool call.

Deterministic rules across all 38 Slack Max API MCP tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

Instant setup, no code required.

38 Slack Max API MCP tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.