How to add Slack MCP Server (session-based) to Cursor

Session-token Slack access for AI agents — no OAuth, no app registration, 21 tools, one command. Paste the config into ~/.cursor/mcp.json and restart Cursor.

Last updated June 14, 2026 · 28★ · stdio · apikey

Cursor config for Slack MCP Server (session-based)

npx -y @jtalk22/slack-mcp --setup

{
  "mcpServers": {
    "slack-mcp-server-session-based": {
      "command": "npx",
      "args": [
        "-y",
        "@jtalk22/slack-mcp"
      ],
      "env": {
        "SLACK_TOKEN": "xoxc-your-token",
        "SLACK_COOKIE": "xoxd-your-cookie"
      }
    }
  }
}

Setup steps

1Open Cursor → Settings → MCP → Add new MCP server (or edit ~/.cursor/mcp.json directly).
2Paste the Slack MCP Server (session-based) config below into the "mcpServers" object.
3Fill in placeholder secrets, then save.
4Cursor reloads MCP servers automatically — check Settings → MCP for a green status dot.
5Ask Cursor to use one of Slack MCP Server (session-based)'s tools to confirm it's connected.

Before you start

Node.js 20+
A Slack workspace you can access in your browser
Slack session tokens (xoxc- token + xoxd- cookie); auto-extracted from Chrome on macOS, or supplied via SLACK_TOKEN / SLACK_COOKIE env vars on Windows/Linux

What Slack MCP Server (session-based) can do in Cursor

slack_health_check

Verify token validity and workspace info (read-only).

slack_token_status

Report token age, health, and cache stats (read-only).

slack_refresh_tokens

Auto-extract fresh tokens from Chrome; modifies local token file only (macOS).

slack_list_conversations

List DMs and channels (read-only). Supports discover_dms=true.

slack_conversations_history

Get messages from a channel or DM (read-only). Accepts include_rich_message_fields.

slack_get_full_conversation

Export full history including threads (read-only). Accepts include_rich_message_fields.

slack_search_messages

Search messages across the workspace (read-only). Slack search does not return rich fields on matches.

slack_get_thread

Get thread replies (read-only). Accepts include_rich_message_fields.

Security

Uses browser session credentials (xoxc-/xoxd-), not OAuth — check your workspace's acceptable use policy; not affiliated with Slack Technologies. Session-token transport means no bot user, app install, or audit-trail entry appears in the workspace admin panel. Token files are written chmod 600 (owner-only) with atomic writes; macOS Keychain provides an encrypted backup. Write tools (slack_send_message, slack_add_reaction, slack_remove_reaction, slack_conversations_mark) are marked destructive. The optional HTTP mode binds to localhost and requires SLACK_MCP_HTTP_AUTH_TOKEN plus an allowed-origins list.

Slack MCP Server (session-based) + Cursor FAQ

Where is the Cursor config file?

Cursor reads MCP servers from ~/.cursor/mcp.json. Paste the Slack MCP Server (session-based) config there under the "mcpServers" key and restart the client.

Is Slack MCP Server (session-based) safe to use with Cursor?

Do I need a Slack OAuth app or admin approval?

No. The server uses your browser's session tokens (xoxc-/xoxd-), so there is no app registration, no scopes, and no admin approval. Your agent has the same access as your browser tab.

Does it work on Windows and Linux?

Yes, but auto token extraction from Chrome is macOS-only. On Windows/Linux you must supply SLACK_TOKEN and SLACK_COOKIE via the env block in your client config.

Is it affiliated with Slack?

No. It is not affiliated with Slack Technologies, Inc. Because it uses browser session credentials, you should check your workspace's acceptable use policy before using it.

View repo Full Slack MCP Server (session-based) page