
jtalk22/slack-mcp-server

v4.2.2 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 1mo MCP SaaS Integrations
✓ No known CVEs patched

Topics

platform-commercial status-live

Affected surfaces

rce_ssrf

Summary

AI summary

Replaces shell-string command execution with a pure fs call and an argv-array spawnSync to close AgentScore advisory AGENTSCORE-2026-0016.

Full changelog

Patch release. Hardens the shell-exec surface to clear AgentScore advisory AGENTSCORE-2026-0016, which had dropped the package's score from 90 (LOW) to 80 (MODERATE).

Why this exists

AgentScore flagged v4.2.0 for command_injection: shell execution with template literal input. Two surfaces matched:

| File | Line | Variable | Source |
|---|---|---|---|
| scripts/token-cli.js | 146-147 | KEYCHAIN_SERVICE | Hardcoded "slack-mcp-server" (lib/token-store.js:18) |
| lib/handlers.js | 58 | tempPath | Internal cache/token path + PID |

Both are static-analysis false positives: every variable inside the template literals is a hardcoded internal constant (KEYCHAIN_SERVICE is a string literal in lib/token-store.js; tempPath is built from an internal cache path and the process's own PID), so no untrusted input flows in. AgentScore is pattern-matching execSync(template-literal) without taint analysis.

We're shipping the fix anyway because eliminating the pattern entirely is cheap (~14 lines) and future-proof. execSync hands the whole string to /bin/sh, so the safety of these two lines rests on every interpolated value staying a constant forever; any future refactor that accidentally routes user-controlled input into these paths would become a real injection. With a pure fs call and an argv-array spawn there is no shell to inject into, so that regression cannot happen.

What changed

  • lib/handlers.js: atomicWriteSync() POSIX permission tightening drops the subprocess entirely. execSync(`chmod 600 "${tempPath}"`) → chmodSync(tempPath, 0o600). Pure Node fs API, no shell context, no template literal; the child_process import is removed from the file.

  • scripts/token-cli.js: clearTokens() keychain delete now uses argv-array spawnSync. execSync(`security delete-generic-password -s "${KEYCHAIN_SERVICE}" -a "token"`) → spawnSync("security", ["delete-generic-password", "-s", KEYCHAIN_SERVICE, "-a", "token"]). The argv form bypasses shell parsing entirely: each array element reaches security as exactly one argument, so quotes, semicolons or backticks in a value can never become shell syntax. (It does not stop security itself from reading a value that begins with "-" as an option; that is moot here only because KEYCHAIN_SERVICE is a fixed string.)

Verification

After install:

```bash
npm view @jtalk22/slack-mcp@4.2.2 version
# 4.2.2
```

Code-level:

  • 0 execSync calls in any file shipped to npm (per package.json files field)
  • 0 template literals as command argument to spawn/spawnSync
  • AgentScore re-scan should return score to ≥90 (LOW)

No functional changes

The 21-tool surface is identical. Token clear behavior, atomic write behavior, file permissions — all preserved. The only change is how the subprocess work happens.

Links

  • v4.2.0 release — feature release (workflow primitives + paid stubs + 6 templates)
  • v4.2.1 release — honesty patch (npm description + Honest tradeoff rewrite)
  • npm: https://www.npmjs.com/package/@jtalk22/slack-mcp

Security Fixes

  • AGENTSCORE-2026-0016 — removed `execSync` usages in lib/handlers.js and scripts/token-cli.js. The advisory had lowered the AgentScore score from 90 (LOW) to 80 (MODERATE); this release is intended to restore it to ≥90.


About jtalk22/slack-mcp-server

Your complete Slack context for Claude—DMs, channels, threads, search. No OAuth apps, no admin approval. `--setup` and done, 11 tools, auto-refresh.
