AgentSkillsCN

slack-mcp-setup

使用MacOS Keychain存储Token,搭建Slack MCP服务器。在首次设置或Token过期(出现invalid_auth错误)时使用。

SKILL.md
--- frontmatter
name: slack-mcp-setup
description: Set up Slack MCP server with macOS Keychain token storage. Use for initial setup or when tokens expire (invalid_auth error).

Slack MCP Setup (macOS Keychain)

This workstation uses macOS Keychain to store Slack MCP tokens securely. Tokens are fetched at darwin-rebuild switch time and injected into OpenCode config.

Architecture

  • Slack MCP is injected into opencode.json with tokens from Keychain
  • Dedicated slack agent defined via OpenCode-native markdown with tool allowlist
  • To use Slack: delegate tasks to the slack agent (e.g., delegate_task(subagent_type="slack", ...))

Two agent systems exist (don't confuse them!):

SystemPathtools: format
OpenCode-native (we use this)~/.config/opencode/agents/YAML map: tools:\n bash: false
Claude Code-style~/.claude/agents/Comma string: tools: foo,bar

We use OpenCode-native format because:

  • First-class validation (errors aren't silently swallowed)
  • Tool allowlist/denylist is natural YAML map format
  • No dependency on oh-my-opencode's Claude-compat layer

Initial Setup

1. Get Tokens from Slack

Open Slack in a web browser (https://app.slack.com or Okta tile). Must be in web client (URL like app.slack.com/client/T.../...).

Get XOXC Token

  1. Open DevTools (Cmd+Option+I or F12)
  2. Go to Console tab
  3. Type allow pasting and press Enter
  4. Run:
javascript
JSON.parse(localStorage.localConfig_v2).teams[document.location.pathname.match(/^\/client\/([A-Z0-9]+)/)[1]].token
  1. Copy the xoxc-... token

Get XOXD Token

  1. In DevTools, go to Application tab (Chrome) or Storage tab (Firefox)
  2. Expand Cookies → click Slack domain
  3. Find cookie named d (single letter)
  4. Double-click its Value, copy the xoxd-... value

Firefox users: Decode URL-encoded characters:

  • %2F/
  • %2B+

2. Store Tokens in Keychain

bash
# Add XOXC token
security add-generic-password -a "$USER" -s slack-mcp-xoxc-token -w "xoxc-YOUR-TOKEN-HERE" -U

# Add XOXD token
security add-generic-password -a "$USER" -s slack-mcp-xoxd-token -w "xoxd-YOUR-TOKEN-HERE" -U

The -U flag updates if the item already exists.

3. Apply Configuration

bash
darwin-rebuild switch --flake .#$(hostname -s)

The activation script will:

  • Fetch tokens from Keychain
  • Inject Slack MCP config into ~/.config/opencode/opencode.json
  • If tokens missing: delete any existing Slack config and warn

4. Verify

bash
# Check config was created
jq '.mcp.slack' ~/.config/opencode/opencode.json

# Should show:
# {
#   "type": "local",
#   "command": ["npx", "-y", "slack-mcp-server@latest", "--transport", "stdio"],
#   "environment": {
#     "SLACK_MCP_XOXC_TOKEN": "xoxc-...",
#     "SLACK_MCP_XOXD_TOKEN": "xoxd-...",
#     "SLACK_MCP_CUSTOM_TLS": "1",
#     "SLACK_MCP_USER_AGENT": "Mozilla/5.0..."
#   }
# }

# Verify opencode boots without errors
opencode --version

5. Restart OpenCode

Restart OpenCode to load the new MCP server. First use triggers cache build (takes several minutes for large workspaces).

Token Refresh

When you see invalid_auth errors, tokens have expired. Refresh them:

  1. Get new tokens from Slack (see "Get Tokens from Slack" above)
  2. Update Keychain:
bash
security add-generic-password -a "$USER" -s slack-mcp-xoxc-token -w "NEW-XOXC-TOKEN" -U
security add-generic-password -a "$USER" -s slack-mcp-xoxd-token -w "NEW-XOXD-TOKEN" -U
  1. Re-run: darwin-rebuild switch --flake .#$(hostname -s)
  2. Restart OpenCode

Troubleshooting

ErrorSolution
invalid_authTokens expired. Refresh tokens (see above).
cache not readyWait for sync to complete. Large workspaces take 5-10 min.
Logged out of SlackOne-time fraud protection. Re-extract tokens.
No Slack config after switchCheck Keychain has both tokens: security find-generic-password -s slack-mcp-xoxc-token

Cache Files

Slack MCP creates cache files in working directory:

code
~/Library/Caches/slack-mcp-server/users_cache.json
~/Library/Caches/slack-mcp-server/channels_cache_v2.json

Gitignore recommendation: Add .*.json to .gitignore in repos where you use Slack MCP to avoid committing cache files.

Using the Slack Agent

Delegate Slack research to the dedicated agent:

typescript
delegate_task(
  subagent_type="slack",
  load_skills=[],
  run_in_background=true,
  description="Search Slack for X",
  prompt="Find messages about [topic] in [channel/timeframe]. Return key findings with quotes and attribution."
)

Available tools for slack agent:

  • slack_channels_list - List channels
  • slack_conversations_history - Get channel messages
  • slack_conversations_replies - Get thread replies
  • slack_conversations_search_messages - Search messages with filters
  • slack_conversations_add_message - Post messages (use carefully)

References