Critical-risk tools in Slack
16 of the 143 tools in Slack are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
- SLACK_CLEAR_STATUS (Destructive, 4/5): Clears the Slack status for the authenticated user, removing any custom text and emoji.
- SLACK_CUSTOMIZE_URL_UNFURL (Destructive, 4/5): Customizes URL previews (unfurling) in a specific Slack message using a URL-encoded JSON in `unfurls` to define custom content or remove existing previews.
- SLACK_DELETE_A_COMMENT_ON_A_FILE (Destructive, 4/5): Deletes a specific comment from a file in Slack; this action is irreversible.
- SLACK_DELETE_A_FILE_BY_ID (Destructive, 4/5): Permanently deletes an existing file from a Slack workspace using its unique file ID; this action is irreversible and also removes any associated comments or shares.
- SLACK_DELETE_A_PUBLIC_OR_PRIVATE_CHANNEL (Destructive, 4/5): Permanently and irreversibly deletes a specified public or private channel, including all its messages and files, within a Slack Enterprise Grid organization.
- SLACK_DELETE_A_SCHEDULED_MESSAGE_IN_A_CHAT (Destructive, 4/5): Deletes a pending, unsent scheduled message from the specified Slack channel, identified by its `scheduled_message_id`.
- SLACK_DELETE_A_SLACK_REMINDER (Destructive, 4/5): Deletes an existing Slack reminder, typically when it is no longer relevant or a task is completed; this operation is irreversible.
- SLACK_DELETE_CANVAS (Destructive, 4/5): Deletes a Slack Canvas permanently.
- SLACK_DELETE_USER_PROFILE_PHOTO (Destructive, 5/5): Deletes the Slack profile photo for the user identified by the token, reverting them to the default avatar; this action is irreversible and succeeds even if no custom photo was ...
- SLACK_DISABLE_AN_EXISTING_SLACK_USER_GROUP (Destructive, 4/5): Disables a specified, currently enabled Slack User Group by its unique ID, effectively archiving it by setting its 'date_delete' timestamp; the group is not permanently deleted ...
- SLACK_REMOVE_A_REMOTE_FILE (Destructive, 5/5): Removes the Slack reference to an external file (which must have been previously added via the remote files API), specified by either its `external_id` or `file` ID (one of whic...
- SLACK_REMOVE_A_STAR_FROM_AN_ITEM (Destructive, 5/5): Removes a star from a previously starred Slack item (message, file, file comment, channel, group, or DM), requiring identification via `file`, `file_comment`, `channel` (for cha...
- SLACK_REMOVE_A_USER_FROM_A_CONVERSATION (Destructive, 4/5): Removes a specified user from a Slack conversation (channel); the caller must have permissions to remove users and cannot remove themselves using this action.
- SLACK_REMOVE_CALL_PARTICIPANTS (Destructive, 4/5): Registers participants removed from a Slack call.
- SLACK_REMOVE_REACTION_FROM_ITEM (Destructive, 5/5): Removes an emoji reaction from a message, file, or file comment in Slack.
- SLACK_REVOKE_PUBLIC_SHARING_ACCESS_FOR_A_FILE (Destructive, 5/5): Revokes a Slack file's public URL, making it private; this is a no-op if not already public and is irreversible.
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.
Enforce policy on Slack
One command generates a policy scaffold for every server in your MCP config.
npx -y @policylayer/intercept init