slack-cli

module
v1.0.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 27, 2026 License: MIT

README

slack-cli

A command-line interface for Slack that authenticates as your user by extracting credentials from the local Slack desktop app. No Slack app registration or OAuth setup required.

Features

  • Search messages across channels with Slack's powerful query syntax
  • Read channel history and thread replies
  • List channels you have access to
  • JSON output for scripting and automation (great for Claude Code and other AI tools)
  • Multi-workspace support

Installation

From Source
git clone https://github.com/theFong/slack-cli.git
cd slack-cli
make build
Prerequisites
  • Go 1.21+
  • macOS (currently macOS-only due to Keychain integration)
  • Slack desktop app installed and logged in

Quick Start

# Extract credentials from your Slack app
./slack-cli auth refresh

# Check authentication status
./slack-cli auth status

# Search for messages
./slack-cli search "deployment error" -w "My Workspace"

# List channels
./slack-cli channels -w "My Workspace"

# Read recent messages from a channel
./slack-cli read general --limit 20 -w "My Workspace"

Commands

auth refresh

Extracts fresh credentials from your local Slack desktop app.

./slack-cli auth refresh

Note: You may need to close the Slack app if extraction fails due to database locks.

auth status

Shows authentication status for all workspaces.

./slack-cli auth status
./slack-cli auth status --json  # JSON output
search <query>

Search messages using Slack's search syntax.

# Basic search
./slack-cli search "bug fix"

# Search with modifiers
./slack-cli search "from:@alice in:#engineering"
./slack-cli search "has:link after:2024-01-01"

# Limit results and paginate
./slack-cli search "error" --limit 50 --page 2

# JSON output for scripting
./slack-cli search "deployment" --json

Search modifiers:

  • from:@user - Messages from a specific user
  • in:#channel - Search within a channel
  • in:@user - Search DMs with a user
  • has:link - Messages containing links
  • has:reaction - Messages with reactions
  • before:YYYY-MM-DD - Before a date
  • after:YYYY-MM-DD - After a date
channels

List accessible channels.

./slack-cli channels
./slack-cli channels --type public_channel
./slack-cli channels --limit 50 --json
read <channel>

Read message history from a channel.

# Read by channel name or ID
./slack-cli read general
./slack-cli read C1234567890

# Limit and filter
./slack-cli read engineering --limit 50
./slack-cli read general --after 2024-01-01

# Read thread replies
./slack-cli read general --thread 1234567890.123456

# JSON output
./slack-cli read general --json
Global Flags
  • -w, --workspace - Target workspace (name, ID, or URL)
  • --json - Output in JSON format

How It Works

Authentication Architecture

Slack uses session-based authentication with two components:

  1. xoxc- token - A workspace-specific session token stored in Slack's LevelDB
  2. d cookie (xoxd-) - A long-lived session cookie shared across all workspaces

Both are required for API calls:

Authorization: Bearer xoxc-...
Cookie: d=xoxd-...
Credential Extraction

The CLI extracts credentials from your local Slack desktop app:

  1. Tokens - Read from LevelDB at:

    • ~/Library/Application Support/Slack/Local Storage/leveldb/
    • Falls back to scanning raw .ldb files if compaction moves data

  2. Cookie - Decrypted from Slack's cookie database:

    • Encrypted with AES-128-CBC
    • Key stored in macOS Keychain as "Slack Safe Storage"
    • Decryption uses PBKDF2 key derivation (salt: saltysalt, iterations: 1003)

  3. Workspace Metadata - Extracted from localConfig_v2 in LevelDB

Storage Locations

Credentials are stored securely in the macOS Keychain under the service name slack-cli. This provides OS-level encryption and access control rather than relying on file permissions.

Limitations & Known Issues

Session Token Lifecycle

Slack's session tokens (xoxc-) may become invalid:

  • Token rotation - Slack periodically rotates session tokens
  • Security detection - Unusual API access patterns may trigger invalidation
  • Re-authentication - Logging out/in to Slack generates new tokens

Solution: Run slack-cli auth refresh to extract fresh credentials.

Enterprise Workspaces with SSO

⚠️ Known Issue: Enterprise Grid workspaces with SSO authentication may not work with extracted credentials. This is a documented limitation affecting session token extraction tools.

Symptoms:

  • Tokens extract successfully but API calls return invalid_auth
  • Slack app works fine with the same session
  • Fresh tokens (after re-login) still fail

This appears to be due to Slack's enterprise security binding tokens to specific client sessions in ways that can't be replicated via direct API calls.

Workaround: For enterprise workspaces, consider using:

  • A properly registered Slack app with OAuth
  • Browser automation instead of direct API calls
  • Non-enterprise workspaces (which work correctly)

Other Enterprise Grid limitations:

  • enterprise_is_restricted errors on certain API calls
  • Use -w flag to target specific workspaces
macOS Only

Currently requires macOS for:

  • Keychain access (cookie decryption key)
  • Slack desktop app paths

Linux/Windows support would require different credential extraction methods.

Alternative Token Sources

If LevelDB tokens are stale, Slack may store current tokens in:

  • IndexedDB (~/Library/Application Support/Slack/IndexedDB/)
  • Service Worker CacheStorage

These are not currently parsed but could be added.

Development

Setup
make setup  # Install tools and configure git hooks
Build
make build      # Build binary
make install    # Install to $GOPATH/bin
Quality Checks
make lint       # Run golangci-lint
make secrets    # Run gitleaks secret scanning
make test       # Run tests
make check      # Run all checks
Pre-commit Hooks

The repo includes pre-commit hooks for:

  • golangci-lint - Go linting and static analysis
  • gitleaks - Secret scanning
  • go fmt - Code formatting

Use with AI Tools

The --json flag makes output easy to parse for AI assistants:

# Search and pipe to processing
./slack-cli search "error in production" --json | jq '.messages.matches[].text'

# Get channel list for context
./slack-cli channels --json > channels.json

# Export conversation for analysis
./slack-cli read C1234567890 --limit 100 --json > conversation.json

Security Considerations

  • Credentials are your session - Treat cached credentials like your Slack password
  • Local extraction only - No credentials are sent anywhere except Slack's API
  • Keychain storage - Credentials are stored in macOS Keychain with OS-level encryption
  • No token logging - Tokens are never written to logs or error messages

Troubleshooting

"failed to open LevelDB (is Slack running?)"

The LevelDB database is locked. Either:

  • Close the Slack desktop app, or
  • The CLI will automatically copy the database to a temp location
"invalid_auth" errors

Your session tokens may have expired:

./slack-cli auth refresh

If errors persist, try logging out and back into Slack, then refresh.

"no workspace tokens found"

The tokens may be in a compacted LevelDB state. The CLI scans raw .ldb files as a fallback, but very recent tokens might be in the write-ahead log (.log files) which aren't persisted yet.

Solution: Wait a moment for Slack to flush data, or restart Slack.

Ensure Slack desktop app is installed (not just the web version).

License

MIT

Acknowledgments

Directories

Path Synopsis
cmd
slack-cli command
internal
api
auth
cli
config

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.