DTwo Policy Store
SLACK · ACCESS CONTROL

Slack hygiene for autonomous AI agents

Slack's OAuth scopes pick capabilities, not the channels they apply to: you can grant an agent 'post messages,' but not 'post only in #status' — one scope covers every channel at once.

For: Platform teams granting agents Slack access beyond a single channel

Slack OAuth scopes let you pick capabilities, but not the channels or recipients they apply to. chat:write lets an agent post in every channel it's in, not just the one you intended; channels:history reads every public channel, not a chosen few; and there's no scope for 'DM teammates but never outsiders.' Apps also tend to request a bundle of scopes to cover many features, so an agent inherits all of it. The gateway is where you narrow that to specific channels and actions, since the scopes can't.

Each of these three ingress policies blocks one specific action and leaves the rest of the Slack tools available. deny-channel-creation stops channel sprawl from an over-eager agent. deny-direct-messages denies writes addressed to a 1:1 DM, a user ID, or a group DM, so the agent stays in channels instead of private conversations. deny-read-search-summarize-sensitive-channels keeps named sensitive channels out of reach for read, search, and summarize.

Add block-secrets from the secrets story and the agent is limited to posting in approved channels with no secrets in the payload. The slack bundle gathers the hygiene set.

Policies in this guide