Maverick Slack Mcp

Search, read, and update Slack messages, channel history, canvases, and users via Slack's hosted MCP server. Thin pass-through to Slack's official MCP; the live tool catalog is whatever that server advertises. Use when the user asks about Slack messages, channels, threads, canvases, users, or wants to send a Slack message.

Audits

Pass

ClawScanPass

Agentic behavior and permission review.

Static analysisReview

Pattern checks against bundled files.

VirusTotalPass

Multi-engine malware detections and file reputation.

Install

openclaw skills install maverick-slack-mcp

Slack

How to use this skill

This skill is a thin pass-through to Slack's hosted MCP server at https://mcp.slack.com/mcp. The live server is the source of truth for what tools exist, what they're called, what arguments they take, and any per-server instructions the server publishes.

Always invoke through bash {baseDir}/scripts/invoke.sh — never call mcporter directly. The wrapper seeds the OAuth vault from the env-supplied tokens when needed, then calls mcporter.

Step 1 - Discover the live tool catalog and any server-published usage instructions. Always run this first; do not rely on tool names from memory:

bash {baseDir}/scripts/invoke.sh list maverick-slack-mcp --schema

The output includes the server's Instructions: field, if published, and a JSON Schema for every tool's parameters. Treat this as the authoritative reference for the rest of the session.

Step 2 - Call any tool from the catalog using the form maverick-slack-mcp.<tool>:

bash {baseDir}/scripts/invoke.sh call maverick-slack-mcp.<tool> <arg>=<value> ...

Add --output json for structured output and transport-error envelopes:

bash {baseDir}/scripts/invoke.sh call --output json maverick-slack-mcp.<tool> ...

Safety

Write-capable tools can post messages, draft or update messages, create or update canvases, and make other externally visible Slack changes in the connected workspace. Confirm clear user intent before making changes, show the exact message or canvas update before sending, and never post to a channel the user has not explicitly named.

Authentication

Slack's MCP server uses JSON-RPC 2.0 over Streamable HTTP at https://mcp.slack.com/mcp. Slack's documentation states that Dynamic Client Registration is not supported for this MCP server and that MCP clients use confidential OAuth with a registered Slack app's client_id and client_secret.

Credentials are available to the agent runtime through required env vars. The wrapper seeds mcporter's vault as needed before each call. mcporter handles authentication automatically: it reads tokens and client information from the vault, sends tokens with each request, and refreshes them on expiry.

The only failure mcporter cannot recover from on its own is grant revocation. It manifests as calls persistently failing with auth errors that do not clear on retry; ask the user to re-authorize the integration.

References

Slack MCP server overview, endpoint, and DCR note: https://docs.slack.dev/ai/slack-mcp-server/
Slack MCP confidential OAuth requirements and scopes: https://docs.slack.dev/ai/slack-mcp-server/#authentication-and-token-handling
mcporter config reference: https://github.com/openclaw/mcporter/blob/main/docs/config.md