[![Listada na Skillteca](https://www.skillteca.com.br/api/badge/slack-token-extractor/svg)](https://www.skillteca.com.br/skills/slack-token-extractor?utm_source=badge&utm_medium=readme&utm_campaign=badge)

Slack Token Extractor

Refresh expired Slack browser session tokens (xoxc/xoxd) used by Slack MCP server.

System requirements

Need system Chrome/Chromium binary — CHROME_PATH must set in .env (e.g. CHROME_PATH=/usr/bin/google-chrome-stable). Playwright bundled Chromium never used — services fingerprint as bot traffic.

On headless servers, setup_slack_session also need VNC stack for interactive login:

apt install xvfb x11vnc novnc

Plugin check missing deps at startup, log warnings.

How it works

Use Playwright persistent browser contexts — after one manual login (human handle CAPTCHA/magic-link), later token extractions run headless using saved session.

First-time setup (requires human)

Before tokens auto-refresh, human must log in once:

setup_slack_session(workspace_name="acme")

Open visible Chromium window. Human complete Slack login flow (CAPTCHA, magic link, SSO — whatever Slack require). Session saved for future headless use.

On headless server (no X display), tool auto-start virtual display with noVNC web access on port 6080. Before calling setup_slack_session, tell human open http://<server>:6080/vnc.html?autoconnect=true in browser so can interact with login page.

Hardware security keys (YubiKey, FIDO2): noVNC cannot forward WebAuthn challenges — key must physically connect to machine running browser. If Slack login need hardware key, run setup_slack_session on local machine with key attached, then rsync profile to server:

rsync -az data/playwright-profiles/acme/ server:~/src/PERSONAL/pynchy/data/playwright-profiles/acme/

Refreshing tokens

Once session set up, tokens refresh headless:

refresh_slack_tokens(
    workspace_name="acme",
    xoxc_var="SLACK_XOXC_ACME",
    xoxd_var="SLACK_XOXD_ACME",
)

Tool navigate to Slack using saved session, extract fresh tokens, write to .env. pynchy service auto-restart on .env changes.

Error handling

"Not logged in — persistent session expired" — Saved browser session expired. Human need run setup_slack_session again.
"Failed to extract xoxc/xoxd" — Browser reached Slack client but tokens not found. Slack may have changed storage format.
"Login not completed within Xs" — Human not finish manual login in time. Try again with longer timeout_seconds.

slack-token-extractor

Cómo agregar

Pega en el README de tu repo

Skills relacionadas

security-research

security-audit

security-compliance-compliance-check

security-auditor

Recibe nuevas skills de Segurança todos los lunes