Slack MCP Server: 5 New Tools for Reactions, Files, and Channels

Slack shipped five new tools to its MCP server on May 13, 2026. The additions — reactions, channel creation, member listing, emoji enumeration, and file reading — expand what agents can do inside a workspace without custom API code.

If you're building agents that interact with Slack, or if you're using Slack as an orchestration layer for multi-agent systems, these additions close several common gaps. The MCP server launched in February 2026 and has seen 25x growth in both real-time search queries and MCP tool calls since then, according to Slack's announcement. The May update reflects what developers have actually been trying to do and couldn't.

Effloow Lab reviewed the official changelog and documentation from docs.slack.dev. The full evidence note is at data/lab-runs/slack-mcp-server-new-tools-developer-guide-2026.md. No Slack API credentials were available for live testing; all claims here are sourced from official Slack documentation.

What the Slack MCP Server Is

The Slack MCP server exposes a Slack workspace as a set of standardized tools consumable by any MCP-compatible client — Claude, Cursor, VS Code agents, or custom orchestration code using an MCP client library.

The design follows the Model Context Protocol spec: the server exposes tools via a JSON-RPC 2.0 interface, clients discover tools via tools/list, and tool calls are standard tools/call requests. The server handles Slack OAuth scopes, token management, and API translation internally, so the agent never touches Slack's native REST API directly.

The access model has a constraint worth knowing upfront: only Slack Marketplace apps and internal apps can use MCP. Unlisted apps are prohibited. Workspace admins approve and manage all MCP client integrations. This is not a developer sandbox — it's an enterprise integration surface with explicit admin oversight.

The Five New Tools

add_reaction

Adds an emoji reaction to a Slack message on behalf of the authenticated user. The tool takes a channel ID, a message timestamp, and an emoji name.

This sounds minor but closes an important loop for agent workflows. Previously, agents could search messages and post responses. They couldn't acknowledge messages with a lightweight signal — the Slack equivalent of "seen" or "processing." Add-reaction fills that gap for any pattern where the agent needs to confirm receipt without generating a full reply.

Use case: a triage agent that processes incoming support requests can add a 👀 reaction when it picks up a message and ✅ when it resolves it, giving humans visibility into agent state without channel noise.

create_conversation

Creates a new Slack channel, group DM, or IM conversation on behalf of the authenticated user. The tool handles all three conversation types (public channel, private channel, group DM, direct message) through a single interface.

This is the biggest capability jump in the May release. Before this tool, agents could only work within existing conversations — they couldn't create dedicated workspaces for specific tasks. With create_conversation, an agent can now:

• Create a project channel and invite relevant stakeholders
• Open a temporary DM thread with a specific person for a handoff
• Bootstrap a private channel for a specific incident or deliverable

The tool creates the conversation. Channel membership management (inviting users, setting topics, configuring permissions) still requires additional tooling or direct API calls.

list_channel_members

Returns a list of user IDs for members of a given channel or conversation. Paired with get_user_info (available since the original launch), this gives agents the ability to reason about channel membership before taking action.

The practical value is context-aware routing. An agent deciding who to notify about a deployment failure can now check who's actually in the #on-call channel before posting, rather than posting to a channel and hoping the right people are watching.

list_emoji

Returns the list of custom emoji available in the workspace. This is a support tool for agents that need to use add_reaction correctly — without knowing what custom emoji exist, the agent would have to guess or hard-code emoji names.

For organizations with elaborate emoji libraries (common in engineering teams), this makes reaction workflows actually reliable. The tool is also useful for agents generating Slack-formatted messages with emoji, where using an emoji name that doesn't exist silently fails.

read_files

Retrieves metadata and content of files shared in Slack workspaces. Files in Slack are first-class objects — uploaded documents, pastes, canvas exports, image attachments. Before this tool, agents could read message text but couldn't access the files linked or attached in those messages.

The tool returns both metadata (file name, type, size, uploader, timestamp) and content. Content access likely depends on file type and OAuth scopes. PDF documents, code pastes, and text files are the most directly useful for analysis tasks; binary files would return metadata only.

The Complete Tool Inventory

As of May 2026, the Slack MCP server provides:

Original tools (February 2026 GA):

• search_messages — search with filters by date, user, content type
• post_message — post to channels or DMs
• read_channel — retrieve channel messages and metadata
• list_users — list workspace users
• list_channels — list workspace channels
• get_user_info — retrieve user profile details
• Canvas read/write operations
• Real-time Search (RTS) API — structured semantic search

New tools (May 13, 2026):

• add_reaction — emoji reactions to messages
• create_conversation — create channels and DMs
• list_channel_members — enumerate channel membership
• list_emoji — list custom workspace emoji
• read_files — access file content and metadata

Security Model

The MCP server runs with user-level tokens — the agent acts on behalf of the authenticated Slack user, not as a standalone bot. This has important implications for what the agent can and cannot do.

Actions the agent takes appear as coming from the user in Slack's audit log. An agent that posts to a channel is indistinguishable from the user posting directly, from the perspective of other workspace members. This is by design — the user is granting the agent permission to act on their behalf — but it means agent activity is logged and attributable.

Workspace admins control which MCP clients are permitted. This isn't per-user — the admin approves or denies MCP client access for the workspace, and users can then connect approved clients. This means IT security teams retain oversight even as individual users configure their own agent integrations.

The agent cannot act beyond the authenticated user's Slack permissions. If the user isn't a workspace admin, the agent isn't a workspace admin.

What Agents Can Do Now That They Couldn't Before

The May release makes three workflow patterns newly feasible:

Autonomous triage agents. A monitoring agent watching an alert channel can now: react to the alert to signal it's processing (add_reaction), check who's on call (list_channel_members + get_user_info), read any runbook documents linked in the message (read_files), create a dedicated incident channel (create_conversation), and post a structured summary. The full triage workflow now fits within the MCP tool surface.

Meeting follow-up agents. After a recorded meeting, an agent can read any documents shared during the call (read_files), create a follow-up channel for action items (create_conversation), and notify the right people based on who was in the meeting channel (list_channel_members).

Content moderation assistants. An agent monitoring workspace conversations can now react to messages it flags for review, read linked files to check for policy violations, and create a private review channel to loop in moderation staff — all without requiring a custom Slack app.

Connecting the MCP Server to Agents

The Slack MCP server connects to any MCP client using standard configuration. For Claude desktop, the configuration looks like:

{
  "mcpServers": {
    "slack": {
      "command": "npx",
      "args": ["-y", "@slack/mcp-server"],
      "env": {
        "SLACK_BOT_TOKEN": "xoxb-your-token",
        "SLACK_TEAM_ID": "T0XXXXXXXXX"
      }
    }
  }
}

For programmatic use with an MCP client library, the server connects via stdio or HTTP transport. The Slack developer docs include a sample application showing the full integration pattern with authentication handling.

Slack provides a dedicated sample app at docs.slack.dev/ai/slack-mcp-server/developing/ that walks through OAuth setup, token management, and testing against a development workspace.

What's Still Missing

create_conversation creates channels but doesn't invite users to them. An agent that creates a project channel still needs a separate mechanism to invite stakeholders — either the user does it manually, or the agent calls the Slack API directly (outside MCP). Invite-to-channel tooling would complete the channel lifecycle pattern.

read_files access depends on OAuth scopes and file types. The documentation confirms the tool retrieves "metadata and content," but what counts as accessible content versus metadata-only for different file types isn't fully specified in the changelog. Agents handling PDFs or binary files will need to test this against their workspace configuration.

Real-time notifications — the agent being triggered when a new message arrives rather than polling — still require the RTS (Real-time Search) API rather than the MCP tool surface. MCP is a request-response pattern; event-driven triggers are handled separately.

Summary

The May 13, 2026 Slack MCP Server update adds five tools that complete several common agent workflow patterns: add_reaction for lightweight status signals, create_conversation for autonomous channel provisioning, list_channel_members for membership-aware routing, list_emoji for reliable reaction usage, and read_files for document access.

The combined tool inventory (13 tools as of May 2026) covers the core read, write, and management operations an enterprise agent needs for Slack-integrated workflows. The 25x growth in MCP usage since February suggests developer adoption is real, and the May additions are clearly driven by what developers have been trying to build.

The security model — user-level tokens, admin oversight, marketplace restrictions — reflects Salesforce's enterprise focus for Slack. Agents operate as the authenticated user and can't exceed that user's permissions, which is the right posture for enterprise deployments even if it limits some automation scenarios.

Sources: Slack Developer Docs changelog (docs.slack.dev/changelog/2026/05/13/new-mcp-tools/), MCP server overview (docs.slack.dev/ai/slack-mcp-server/), GA announcement (docs.slack.dev/changelog/2026/02/17/slack-mcp/), Slack blog (slack.com/blog/news/powering-agentic-collaboration).

Lab note: data/lab-runs/slack-mcp-server-new-tools-developer-guide-2026.md