// SCAN REPORT

Slack

143 tools. 71 can modify or destroy data without limits.

16 destructive tools with no built-in limits. Policy required.

Last updated: 19 May 2026

71 can modify or destroy data

72 read-only

143 tools total

Free to start. No card required.

TOOL MAP

Read (72) Write / Execute (55) Destructive / Financial (16)

CONTEXT-WINDOW COST

37,400 tokens of tool definitions, loaded on every request

19% of a 200k context window

1,409 heaviest tool: SLACK_SENDS_A_MESSAGE_TO_A_SLACK_CHANNEL

Full per-tool breakdown → Model it in the token calculator →

WHAT CAN GO WRONG

Destructive tools (SLACK_CLEAR_STATUS, SLACK_CUSTOMIZE_URL_UNFURL, SLACK_DELETE_A_COMMENT_ON_A_FILE) permanently delete resources. There is no undo. An agent calling these in a retry loop causes irreversible damage.

Write operations (SLACK_ACTIVATE_OR_MODIFY_DO_NOT_DISTURB_DURATION, SLACK_ADD_A_CUSTOM_EMOJI_TO_A_SLACK_TEAM, SLACK_ADD_A_REMOTE_FILE_FROM_A_SERVICE) modify state. Without rate limits, an agent can make hundreds of changes in seconds — faster than any human can review or revert.

Execute tools (SLACK_REGISTERS_A_NEW_CALL_WITH_PARTICIPANTS, SLACK_REGISTERS_NEW_CALL_PARTICIPANTS, SLACK_START_CALL) trigger processes with side effects. Builds, notifications, workflows — all fired without throttling.

RECOMMENDED RULES

Deny destructive operations

{
  "SLACK_CLEAR_STATUS": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations

{
  "SLACK_ACTIVATE_OR_MODIFY_DO_NOT_DISTURB_DURATION": {
    "limits": [
      {
        "counter": "slack_activate_or_modify_do_not_disturb_duration_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations

{
  "Returns": {
    "limits": [
      {
        "counter": "returns_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

ALL 143 SLACK TOOLS

DESTRUCTIVE 16 tools

Destructive SLACK_CLEAR_STATUS Destructive SLACK_CUSTOMIZE_URL_UNFURL Destructive SLACK_DELETE_A_COMMENT_ON_A_FILE Destructive SLACK_DELETE_A_FILE_BY_ID Destructive SLACK_DELETE_A_PUBLIC_OR_PRIVATE_CHANNEL Destructive SLACK_DELETE_A_SCHEDULED_MESSAGE_IN_A_CHAT Destructive SLACK_DELETE_A_SLACK_REMINDER Destructive SLACK_DELETE_CANVAS Destructive SLACK_DELETE_USER_PROFILE_PHOTO Destructive SLACK_DISABLE_AN_EXISTING_SLACK_USER_GROUP Destructive SLACK_REMOVE_A_REMOTE_FILE Destructive SLACK_REMOVE_A_STAR_FROM_AN_ITEM Destructive SLACK_REMOVE_A_USER_FROM_A_CONVERSATION Destructive SLACK_REMOVE_CALL_PARTICIPANTS Destructive SLACK_REMOVE_REACTION_FROM_ITEM Destructive SLACK_REVOKE_PUBLIC_SHARING_ACCESS_FOR_A_FILE

EXECUTE 4 tools

Execute SLACK_REGISTERS_A_NEW_CALL_WITH_PARTICIPANTS Execute SLACK_REGISTERS_NEW_CALL_PARTICIPANTS Execute SLACK_START_CALL Execute SLACK_START_REAL_TIME_MESSAGING_SESSION

WRITE 51 tools

Write SLACK_ACTIVATE_OR_MODIFY_DO_NOT_DISTURB_DURATION Write SLACK_ADD_A_CUSTOM_EMOJI_TO_A_SLACK_TEAM Write SLACK_ADD_A_REMOTE_FILE_FROM_A_SERVICE Write SLACK_ADD_A_STAR_TO_AN_ITEM Write SLACK_ADD_AN_EMOJI_ALIAS_IN_SLACK Write SLACK_ADD_CALL_PARTICIPANTS Write SLACK_ADD_EMOJI Write SLACK_ADD_REACTION_TO_AN_ITEM Write SLACK_ARCHIVE_A_PUBLIC_OR_PRIVATE_CHANNEL Write SLACK_ARCHIVE_A_SLACK_CONVERSATION Write SLACK_CHAT_POST_MESSAGE Write SLACK_CLOSE_DM_OR_MULTI_PERSON_DM Write SLACK_CREATE_A_REMINDER Write SLACK_CREATE_A_SLACK_USER_GROUP Write SLACK_CREATE_CANVAS Write SLACK_CREATE_CHANNEL Write SLACK_CREATE_CHANNEL_BASED_CONVERSATION Write SLACK_EDIT_CANVAS Write SLACK_ENABLE_A_SPECIFIED_USER_GROUP Write SLACK_ENABLE_PUBLIC_SHARING_OF_A_FILE Write SLACK_END_A_CALL_WITH_DURATION_AND_ID Write SLACK_INVITE_USER_TO_CHANNEL Write SLACK_INVITE_USER_TO_WORKSPACE Write SLACK_INVITE_USER_TO_WORKSPACE_WITH_OPTIONAL_CHANNEL_INVITES Write SLACK_INVITE_USERS_TO_A_SLACK_CHANNEL Write SLACK_MANUALLY_SET_USER_PRESENCE Write SLACK_MARK_REMINDER_AS_COMPLETE Write SLACK_OPEN_DM Write SLACK_OPEN_OR_RESUME_DIRECT_OR_MULTI_PERSON_MESSAGES Write SLACK_REGISTER_CALL_PARTICIPANTS_REMOVAL Write SLACK_RENAME_A_CONVERSATION Write SLACK_RENAME_A_SLACK_CHANNEL Write SLACK_RENAME_AN_EMOJI Write SLACK_SCHEDULE_MESSAGE Write SLACK_SEND_EPHEMERAL_MESSAGE Write SLACK_SEND_MESSAGE Write SLACK_SET_A_CONVERSATION_S_PURPOSE Write SLACK_SET_DND_DURATION Write SLACK_SET_PROFILE_PHOTO Write SLACK_SET_READ_CURSOR_IN_A_CONVERSATION Write SLACK_SET_SLACK_USER_PROFILE_INFORMATION Write SLACK_SET_STATUS Write SLACK_SET_THE_TOPIC_OF_A_CONVERSATION Write SLACK_SET_USER_PROFILE_PHOTO_WITH_CROPPING_OPTIONS Write SLACK_UNARCHIVE_A_PUBLIC_OR_PRIVATE_CHANNEL Write SLACK_UNARCHIVE_CHANNEL Write SLACK_UPDATE_AN_EXISTING_SLACK_USER_GROUP Write SLACK_UPDATE_SLACK_CALL_INFORMATION Write SLACK_UPDATE_USER_GROUP_MEMBERS Write SLACK_UPDATES_AN_EXISTING_REMOTE_FILE Write SLACK_UPLOAD_OR_CREATE_A_FILE_IN_SLACK

READ 72 tools

Read Returns Read SLACK_CUSTOMIZE_URL_UNFURLING_IN_MESSAGES Read SLACK_DELETES_A_MESSAGE_FROM_A_CHAT Read SLACK_END_SNOOZE Read SLACK_END_USER_DO_NOT_DISTURB_SESSION Read SLACK_END_USER_SNOOZE_MODE_IMMEDIATELY Read SLACK_FETCH_BOT_USER_INFORMATION Read SLACK_FETCH_CONVERSATION_HISTORY Read SLACK_FETCH_CURRENT_TEAM_INFO_WITH_OPTIONAL_TEAM_SCOPE Read SLACK_FETCH_DND_STATUS_FOR_MULTIPLE_TEAM_MEMBERS Read SLACK_FETCH_ITEM_REACTIONS Read SLACK_FETCH_MESSAGE_THREAD_FROM_A_CONVERSATION Read SLACK_FETCH_TEAM_INFO Read SLACK_FETCH_WORKSPACE_SETTINGS_INFORMATION Read SLACK_FIND_CHANNELS Read SLACK_FIND_USER_BY_EMAIL_ADDRESS Read SLACK_FIND_USERS Read SLACK_GET_CANVAS Read SLACK_GET_CHANNEL_CONVERSATION_PREFERENCES Read SLACK_GET_REMINDER_INFORMATION Read SLACK_GET_REMOTE_FILE Read SLACK_GET_TEAM_DND_STATUS Read SLACK_GET_USER_PRESENCE_INFO Read SLACK_INITIATES_CHANNEL_BASED_CONVERSATIONS Read SLACK_JOIN_AN_EXISTING_CONVERSATION Read SLACK_LEAVE_A_CONVERSATION Read SLACK_LIST_ACCESSIBLE_CONVERSATIONS_FOR_A_USER Read SLACK_LIST_ALL_CHANNELS Read SLACK_LIST_ALL_SLACK_TEAM_CHANNELS_WITH_VARIOUS_FILTERS Read SLACK_LIST_ALL_SLACK_TEAM_USERS_WITH_PAGINATION Read SLACK_LIST_ALL_USERS Read SLACK_LIST_ALL_USERS_IN_A_USER_GROUP Read SLACK_LIST_CANVASES Read SLACK_LIST_CONVERSATIONS Read SLACK_LIST_FILES_WITH_FILTERS_IN_SLACK Read SLACK_LIST_REMINDERS Read SLACK_LIST_REMOTE_FILES Read SLACK_LIST_SCHEDULED_MESSAGES Read SLACK_LIST_SCHEDULED_MESSAGES_IN_A_CHANNEL Read SLACK_LIST_SLACK_S_REMOTE_FILES_WITH_FILTERS Read SLACK_LIST_STARRED_ITEMS Read SLACK_LIST_TEAM_CUSTOM_EMOJIS Read SLACK_LIST_USER_GROUPS_FOR_TEAM_WITH_OPTIONS Read SLACK_LIST_USER_REACTIONS Read SLACK_LIST_USER_REMINDERS_WITH_DETAILS Read SLACK_LIST_WORKSPACE_USERS Read SLACK_LISTS_PINNED_ITEMS_IN_A_CHANNEL Read SLACK_LISTS_USER_S_STARRED_ITEMS_WITH_PAGINATION Read SLACK_LOOKUP_CANVAS_SECTIONS Read SLACK_PINS_AN_ITEM_TO_A_CHANNEL Read SLACK_RETRIEVE_A_USER_S_IDENTITY_DETAILS Read SLACK_RETRIEVE_CALL_INFORMATION Read SLACK_RETRIEVE_CONVERSATION_INFORMATION Read SLACK_RETRIEVE_CONVERSATION_MEMBERS_LIST Read SLACK_RETRIEVE_CURRENT_USER_DND_STATUS Read SLACK_RETRIEVE_DETAILED_INFORMATION_ABOUT_A_FILE Read SLACK_RETRIEVE_DETAILED_USER_INFORMATION Read SLACK_RETRIEVE_MESSAGE_PERMALINK_URL Read SLACK_RETRIEVE_REMOTE_FILE_INFO_IN_SLACK Read SLACK_RETRIEVE_TEAM_PROFILE_DETAILS Read SLACK_RETRIEVE_USER_PROFILE_INFORMATION Read SLACK_REVERSE_A_CONVERSATION_S_ARCHIVAL_STATUS Read SLACK_SCHEDULES_A_MESSAGE_TO_A_CHANNEL_AT_A_SPECIFIED_TIME Read SLACK_SEARCH_ALL Read SLACK_SEARCH_FOR_MESSAGES_WITH_QUERY Read SLACK_SEARCH_MESSAGES Read SLACK_SENDS_A_MESSAGE_TO_A_SLACK_CHANNEL Read SLACK_SENDS_EPHEMERAL_MESSAGES_TO_CHANNEL_USERS Read SLACK_SHARE_A_ME_MESSAGE_IN_A_CHANNEL Read SLACK_SHARE_REMOTE_FILE_IN_CHANNELS Read SLACK_UNPIN_ITEM_FROM_CHANNEL Read SLACK_UPDATES_A_SLACK_MESSAGE

FAQ

Can an AI agent delete data through the Slack MCP server? +

Yes. The Slack server exposes 16 destructive tools including SLACK_CLEAR_STATUS, SLACK_CUSTOMIZE_URL_UNFURL, SLACK_DELETE_A_COMMENT_ON_A_FILE. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through Slack? +

The Slack server has 51 write tools including SLACK_ACTIVATE_OR_MODIFY_DO_NOT_DISTURB_DURATION, SLACK_ADD_A_CUSTOM_EMOJI_TO_A_SLACK_TEAM, SLACK_ADD_A_REMOTE_FILE_FROM_A_SERVICE. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach Slack.

How many tools does the Slack MCP server expose? +

143 tools across 4 categories: Destructive, Execute, Read, Write. 72 are read-only. 71 can modify, create, or delete data.

How do I enforce a policy on Slack? +

Register the Slack MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

// RELATED SERVERS

Other MCP servers with similar tools.

Starter policies for each. Same risk classification, live on your fleet in minutes.

Enforce policy on every Slack tool call.

Deterministic rules across all 143 Slack tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

SECURE SLACK →

Free to start. No card required.

4,600+ MCP servers and 31,000+ tools scanned and risk-classified.

Slack

// TOOL MAP

// CONTEXT-WINDOW COST

// WHAT CAN GO WRONG

// RECOMMENDED RULES

// ALL 143 SLACK TOOLS

// FAQ