Skip to content

Updating the ConversationsMessageAddHandler to have optional attachments #121

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
chongzluong wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Updating the ConversationsMessageAddHandler to have optional attachments #121

chongzluong wants to merge 1 commit into from

Conversation

@chongzluong
Copy link

@chongzluong chongzluong commented Oct 29, 2025

Overview

For the purposes of a demo video that utilizes Slack MCP and Cartesia MCP, I needed to be able to attach files to messages through MCP, so I made the following changes:

Slack API

MCP

  • Updated the addMessageParams to include a potential attachmentURL and attachmentName
    • (Optional) attachmentURL can be a local file or publicly accessible file URL. The file at this URL will be downloaded in and used as the body for the file upload API
    • (Optional) attachmentName the name to use for the uploaded file
  • Updated the ConversationsAddMessageHandler to incorporate a file attachment path
    • If an attachment_url is specified, we interpret local vs remote files , download, and then call the Slack API for uploading files (with an optional initial comment + thread timestamp)
    • If no attachment_url is specified, the previous behavior of calling the Slack API to post a message works as it did before

Testing

The tweet linked above exhibits the functionality in action.

  1. I ran make build to build the binary
  2. I pointed the Claude Desktop config to the binary with the --transport stdio arguments and the relevant Slack tokens
  3. I ran Cartesia's MCP
  4. I had it generate me a script, TTS'd the script into an audio file using Cartesia's MCP, and then sent it to myself afterwards directly over slack. Screenshot below:
Screenshot 2025-10-28 at 10 24 38 PM

@chongzluong
Copy link
Author

chongzluong commented Oct 29, 2025

@korotovsky apologies I'm under the impression that the integration test failures above aren't related to my changes, but please let me know if I'm incorrect there 😅

@korotovsky
Copy link
Owner

korotovsky commented Oct 29, 2025

Hi @chongzluong, thank you for submitting great functionality for this Slack MCP. However the security aspect of the PR in my opinion must be improved a little before we merge it to upstream, because this is the most popular Slack MCP Server nowadays and we should take it very serious especially when we would like to add such things like file upload/etc. let me summarize some points what is missing and should be added:

  • Env var that makes file uploading disabled by default, similar to posting messages env so all existing deployments won't be affected by this feature.
  • Scoping of where MCP can access files. It might be a comma separated list of patters on local filesystem i.e. /Users/*,/usr/data or comma separated list of domains where MCP is allowed to download files from (similar to link unfurling protection)

@chongzluong
Copy link
Author

chongzluong commented Oct 29, 2025

@korotovsky definitely makes sense, I'll update the PR later this week and follow up

@korotovsky
Copy link
Owner

korotovsky commented Dec 9, 2025

@chongzluong ping

@chongzluong
Copy link
Author

chongzluong commented Dec 11, 2025
edited
Loading

@korotovsky ah apologies, it's been quite a busy last month and a half on my end. I will try to find some time to tackle this on Sunday if that's alright

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

changes required

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@chongzluong @korotovsky