server-slack
npm:@modelcontextprotocol/server-slack@2025.4.25
Severity breakdown
Worst finding
Tool `slack_post_message` name implies a side effect that is not declared
· slack_post_message
`slack_post_message` looks like a side-effecting tool (its name contains a mutation verb), but its `side_effects` declaration is []. A policy synthesizer cannot produce safe rules for this tool because it cannot tell what it actually does.
fix: Declare the tool's true side effects explicitly. If the tool is genuinely read-only, rename it to match (e.g. `email.preview` rather than `email.send`).
All 1 finding
- highTool `slack_post_message` name implies a side effect that is not declared· slack_post_messageexcessive agency
`slack_post_message` looks like a side-effecting tool (its name contains a mutation verb), but its `side_effects` declaration is []. A policy synthesizer cannot produce safe rules for this tool because it cannot tell what it actually does.
fix: Declare the tool's true side effects explicitly. If the tool is genuinely read-only, rename it to match (e.g. `email.preview` rather than `email.send`).
How this was scored
Source registry — tool surface extracted from the package's README + manifest (R3/R5/R6/R7 fire; schema-dependent rules deferred). Findings are emitted by the public capframe.findings.v1 schema. Score = 100 − (10·Critical + 4·High + 2·Medium + 1·Low), clamped to [0, 100].
Disagree with a finding? Open an issue.