How to add Slack MCP Server (session-based) to Windsurf

Session-token Slack access for AI agents — no OAuth, no app registration, 21 tools, one command. Paste the config into ~/.codeium/windsurf/mcp_config.json and restart Windsurf.

Last updated June 14, 2026 · 28★ · stdio · apikey

Windsurf config for Slack MCP Server (session-based)

npx -y @jtalk22/slack-mcp --setup

{
  "mcpServers": {
    "slack-mcp-server-session-based": {
      "command": "npx",
      "args": [
        "-y",
        "@jtalk22/slack-mcp"
      ],
      "env": {
        "SLACK_TOKEN": "xoxc-your-token",
        "SLACK_COOKIE": "xoxd-your-cookie"
      }
    }
  }
}

Setup steps

1Open Windsurf → Cascade → the hammer/MCP icon → Configure (or edit ~/.codeium/windsurf/mcp_config.json).
2Paste the Slack MCP Server (session-based) config below.
3Fill in placeholder secrets, then save.
4Click Refresh in the MCP panel.
5Slack MCP Server (session-based)'s tools become available to Cascade.

Before you start

Node.js 20+
A Slack workspace you can access in your browser
Slack session tokens (xoxc- token + xoxd- cookie); auto-extracted from Chrome on macOS, or supplied via SLACK_TOKEN / SLACK_COOKIE env vars on Windows/Linux

What Slack MCP Server (session-based) can do in Windsurf

slack_health_check

Verify token validity and workspace info (read-only).

slack_token_status

Report token age, health, and cache stats (read-only).

slack_refresh_tokens

Auto-extract fresh tokens from Chrome; modifies local token file only (macOS).

slack_list_conversations

List DMs and channels (read-only). Supports discover_dms=true.

slack_conversations_history

Get messages from a channel or DM (read-only). Accepts include_rich_message_fields.

slack_get_full_conversation

Export full history including threads (read-only). Accepts include_rich_message_fields.

slack_search_messages

Search messages across the workspace (read-only). Slack search does not return rich fields on matches.

slack_get_thread

Get thread replies (read-only). Accepts include_rich_message_fields.

Security

Uses browser session credentials (xoxc-/xoxd-), not OAuth — check your workspace's acceptable use policy; not affiliated with Slack Technologies. Session-token transport means no bot user, app install, or audit-trail entry appears in the workspace admin panel. Token files are written chmod 600 (owner-only) with atomic writes; macOS Keychain provides an encrypted backup. Write tools (slack_send_message, slack_add_reaction, slack_remove_reaction, slack_conversations_mark) are marked destructive. The optional HTTP mode binds to localhost and requires SLACK_MCP_HTTP_AUTH_TOKEN plus an allowed-origins list.

Slack MCP Server (session-based) + Windsurf FAQ

Where is the Windsurf config file?

Windsurf reads MCP servers from ~/.codeium/windsurf/mcp_config.json. Paste the Slack MCP Server (session-based) config there under the "mcpServers" key and restart the client.

Is Slack MCP Server (session-based) safe to use with Windsurf?

Do I need a Slack OAuth app or admin approval?

No. The server uses your browser's session tokens (xoxc-/xoxd-), so there is no app registration, no scopes, and no admin approval. Your agent has the same access as your browser tab.

Does it work on Windows and Linux?

Yes, but auto token extraction from Chrome is macOS-only. On Windows/Linux you must supply SLACK_TOKEN and SLACK_COOKIE via the env block in your client config.

Is it affiliated with Slack?

No. It is not affiliated with Slack Technologies, Inc. Because it uses browser session credentials, you should check your workspace's acceptable use policy before using it.

View repo Full Slack MCP Server (session-based) page