How to Connect OpenClaw to Slack: Complete Integration Guide 2026

A complete, step-by-step guide to connecting OpenClaw to Slack. From creating your Slack app to multi-agent routing, file sharing, and security best practices.

Slack is where your team already works. Conversations, decisions, file sharing, standup updates, incident response. It is the operational hub for millions of teams. Connecting your AI agent to Slack means meeting your team where they are, not forcing them into a separate interface.

OpenClaw's Slack plugin is one of the most capable built-in integrations in the framework. It supports DMs, channel messages, @mentions, threaded replies, file sharing (inbound and outbound), and per-message identity customization. But getting it set up correctly requires understanding Slack's app model, OAuth scopes, event subscriptions, and a few configuration details that most tutorials gloss over.

This guide covers everything: creating a Slack app from scratch, configuring the right permissions, installing it to your workspace, wiring it to OpenClaw, and setting up advanced features like multi-agent routing and file sharing. If you are running OpenClaw on ClawTrust, most of this is handled automatically through the dashboard. But understanding the mechanics helps you get the most out of the integration either way.

Why Slack Is the Best Channel for Team AI Agents

Every messaging platform has strengths. Telegram is lightweight and fast. Discord excels at community management. WhatsApp reaches everyone with a phone number. But for teams deploying AI agents in a business context, Slack has unique advantages that make it the preferred channel.

Your team is already there. Adoption is the hardest part of any new tool. When your AI agent lives in Slack, there is zero onboarding friction. Your team already knows how to DM, @mention, share files, and thread conversations. The agent slots into existing workflows rather than creating new ones.

Channel-based organization maps to agent specialization. A support agent monitors #customer-support. A DevOps agent watches #incidents. A sales agent handles #leads. Slack's channel model aligns naturally with how teams organize work, which means you can deploy multiple specialized agents without anyone getting confused about which agent does what.

Rich formatting and file support. Slack handles code blocks, bullet lists, links, images, PDFs, spreadsheets, and threaded discussions natively. Your agent can share a formatted report, attach a generated document, or respond with a code snippet, and it renders properly without any extra work.

Built-in identity customization. With the chat:write.customize scope, each agent can post with its own username and avatar. In a channel with multiple agents, each one has a distinct visual identity. "Alex (Support)" has a blue avatar. "Dev (Engineering)" has a green one. Your team always knows which agent is responding.

Enterprise-grade security and compliance. Slack Enterprise Grid provides SAML SSO, data loss prevention, audit logging, and eDiscovery. Your agent's messages are subject to the same retention policies and compliance controls as human messages. For regulated industries, this matters.

Step 1: Create a Slack App

Every Slack integration starts with creating a Slack app. This is the container that holds your bot's permissions, event subscriptions, and identity.

Create the App

1. Go to api.slack.com/apps and click Create New App.
2. Select From scratch (not from a manifest, though we will cover manifests later for automation).
3. Give your app a name. This will be the default display name when the bot posts messages. Choose something descriptive like "ClawTrust Agent" or the name of your specific agent.
4. Select the workspace where you want to install it. You can distribute to other workspaces later.
5. Click Create App.

You are now on the app configuration page. Bookmark this URL. You will come back to it several times.

Configure the Bot User

1. In the left sidebar, click App Home.
2. Under Your App's Presence in Slack, make sure Always Show My Bot as Online is enabled. This prevents confusion when team members try to DM the bot and see it as "offline."
3. Under Show Tabs, enable the Messages Tab and check Allow users to send Slash commands and messages from the messages tab. This enables DM conversations with the bot.

Step 2: Configure OAuth Scopes

OAuth scopes define what your bot can and cannot do. Getting these right is critical. Too few scopes and your agent cannot function. Too many and you are granting unnecessary access.

Navigate to OAuth & Permissions in the left sidebar. Scroll down to Scopes and add the following Bot Token Scopes:

Required Scopes

Optional Scopes (Recommended)

Important: Only add Bot Token Scopes, not User Token Scopes. Bot tokens are workspace-level and controlled by admins. User tokens act on behalf of individual users, which is rarely what you want for an AI agent and introduces unnecessary permission escalation.

Step 3: Enable Event Subscriptions

Slack uses an Events API to notify your bot when messages arrive. This is the mechanism that triggers your agent to respond.

1. In the left sidebar, click Event Subscriptions.
2. Toggle Enable Events to On.
3. In the Request URL field, enter your webhook endpoint. For self-hosted OpenClaw, this is typically https://yourdomain.com/api/slack/events. Slack will send a verification challenge to confirm the URL is reachable.
4. Under Subscribe to bot events, add:
   • message.channels (messages in public channels)
   • message.groups (messages in private channels)
   • message.im (direct messages)
   • app_mention (when the bot is @mentioned)
5. Click Save Changes.

A note on Socket Mode vs. HTTP Events API: Slack offers Socket Mode as an alternative to webhook-based event delivery. Socket Mode uses a WebSocket connection instead of requiring a public URL. While this seems simpler (no public endpoint needed), the HTTP Events API is more reliable for production use. It handles retries natively, integrates with standard webhook infrastructure, and does not require maintaining a persistent WebSocket connection. For production agents, use the HTTP Events API.

Step 4: Install the App to Your Workspace

1. Go to OAuth & Permissions in the sidebar.
2. Click Install to Workspace.
3. Slack will show you the permissions your app is requesting. Review them and click Allow.
4. After installation, you will see a Bot User OAuth Token starting with xoxb-. Copy this token. You will need it for the OpenClaw configuration.

Security note: The xoxb- token is a secret. Anyone with this token can act as your bot in your workspace. Never commit it to version control. Never paste it in a public channel. Store it in your environment variables or a secrets manager.

Get the Signing Secret

1. Go to Basic Information in the sidebar.
2. Under App Credentials, find the Signing Secret.
3. Copy this value. It is used to verify that incoming webhook requests are authentically from Slack, not from an attacker spoofing requests to your endpoint.

Step 5: Configure OpenClaw's Slack Plugin

With the Slack app created and installed, the next step is configuring OpenClaw to use it. The Slack plugin is built into OpenClaw, so there is nothing to install. You just need to add the configuration to your OpenClaw config file.

Basic Configuration

# In your OpenClaw configuration file (config.yaml or .env)

plugins:
  entries:
    slack:
      enabled: true

channels:
  slack:
    botToken: "xoxb-your-bot-token-here"
    appToken: "xapp-your-app-token-here"  # Only needed for Socket Mode
    signingSecret: "your-signing-secret"
    dmPolicy: "pairing"   # Require user approval before DM conversations

The dmPolicy: "pairing" setting is critical for security. With pairing enabled, new users who DM the bot must be approved before the agent responds. Without it, anyone in your workspace can interact with the agent, including guest users and users from shared channels.

Environment Variables (Recommended)

Instead of putting secrets directly in your config file, use environment variables:

# .env file (never commit this to version control)
SLACK_BOT_TOKEN=xoxb-your-bot-token-here
SLACK_SIGNING_SECRET=your-signing-secret

Then reference them in your config:

channels:
  slack:
    botToken: "${SLACK_BOT_TOKEN}"
    signingSecret: "${SLACK_SIGNING_SECRET}"
    dmPolicy: "pairing"

Invite the Bot to Channels

Your bot will not automatically appear in channels. You need to invite it:

1. Open the Slack channel where you want the agent to operate.
2. Type /invite @YourBotName and press Enter.
3. The bot will join the channel and start receiving events.

For DMs, users just need to find the bot in the sidebar and start a conversation. If dmPolicy is set to "pairing", the user will need approval before the agent responds.

Step 6: Understanding Channel Routing

One of the most powerful aspects of Slack integration is the routing model. Unlike Telegram or WhatsApp where each conversation is a simple 1:1 exchange, Slack has multiple conversation types that each work differently.

Direct Messages (DMs)

DMs are the simplest model. A user messages the bot directly, and the agent responds. This is a private 1:1 conversation. Other users cannot see it. The agent maintains conversation context within the DM, so follow-up messages reference previous context naturally.

DMs are ideal for:

• Personal task management ("Schedule a meeting with Sarah for next Tuesday")
• Confidential queries ("What is our current churn rate?")
• Agent configuration ("Change your default response format to bullet points")

Channel Messages

When the bot is invited to a channel, it receives all messages posted there. The behavior depends on your configuration:

• Respond to all messages: The agent processes every message in the channel. This works for dedicated channels like #ask-ai or #agent-tasks where every message is intended for the agent.
• Respond to @mentions only: The agent stays silent unless someone @mentions it. This is better for busy channels where the agent should only respond when explicitly called upon.
• Respond to keyword triggers: The agent watches for specific keywords or phrases and responds when they appear. Useful for monitoring channels and jumping in when relevant topics come up.

Threaded Replies

When the agent responds to a channel message, it replies in a thread by default. This keeps the main channel clean and groups the conversation with the original request. Users can continue the thread for follow-up questions, and the agent maintains context within the thread.

@Mentions

@mentioning the bot in any channel it has been invited to triggers a response. This is the most common pattern for shared channels: @Agent summarize the last 10 messages or @Agent what is the status of JIRA-1234?

When multiple agents are present (more on this below), @mentions combined with keyword routing let you direct messages to specific agents: @Agent hey Alex, check the deployment logs routes to the agent with "Alex" as a mention keyword.

Multi-Agent Setup: Multiple Agents in One Workspace

This is where Slack integration gets genuinely powerful. Most messaging platforms are designed for 1:1 bot interactions. Slack's architecture supports running multiple AI agents in a single workspace, each with its own identity and responsibilities.

Why Multi-Agent?

A single general-purpose agent works for small teams. As your team grows and your use cases multiply, specialized agents perform better:

• Alex (Support): Monitors #customer-support, handles ticket triage, drafts responses
• Dev (Engineering): Watches #incidents, checks deployment health, reviews PRs
• Sam (Sales): Processes #leads, researches prospects, drafts outreach

Each agent runs on its own dedicated server with its own AI model configuration, skills, memory, and credentials. They share the same Slack workspace but are completely isolated at the infrastructure level.

How Multi-Agent Routing Works

The routing system uses a priority cascade to determine which agent handles each message:

1. DM routing (highest priority): Each Slack user is mapped to a specific agent for DMs. When a user opens a DM with the bot, they are routed to their assigned agent. If only one agent is configured, users are auto-assigned. If multiple agents exist, the user is prompted to choose.
2. Keyword routing: Each agent has mention keywords (e.g., "alex", "alex support"). When a message in a channel contains one of these keywords, it routes to that agent. Word-boundary matching prevents false positives ("rick" will not match "brick").
3. Channel routing: Specific channels can be assigned to specific agents. All messages in #customer-support route to the support agent. All messages in #engineering route to the DevOps agent.
4. Default routing (lowest priority): One agent can be marked as the default. Any channel message that does not match keyword or channel rules falls through to the default agent.

Messages that do not match any route are silently ignored. The bot does not respond with "I don't know which agent to use." It simply stays quiet.

Per-Agent Identity

Each agent posts to Slack with its own display name and avatar. When Alex (Support) responds in #customer-support, the message shows "Alex (Support)" with a custom avatar. When Dev (Engineering) responds in the same channel, it shows "Dev (Engineering)" with a different avatar.

This is possible because of the chat:write.customize OAuth scope. Without this scope, every agent posts under the generic app name, making it impossible for users to tell which agent is responding.

The display name and avatar are configured per agent, not per message. You set them once during agent setup and they apply to every message that agent sends.

File Sharing: Inbound and Outbound

Slack's file sharing capabilities go well beyond simple text messages. Your agent can receive files from users and send files back. Here is how both directions work.

Inbound Files (User to Agent)

When a user shares a file in a conversation with the bot, the event payload includes file metadata: URL, filename, MIME type, and size. The agent can then download and process the file.

Images: Images are downloaded from Slack's servers (using the bot token for authentication), converted to base64, and forwarded to the agent's vision model. The agent can describe, analyze, or extract information from images. This works with screenshots, photos, diagrams, charts, and any other image format Slack supports.

Documents: Non-image files (PDFs, spreadsheets, text files, code files) are downloaded and saved to the agent's workspace directory. The agent receives a notification about the new file with its path, name, and size. It can then read, parse, summarize, or process the document using its available tools.

There are practical limits. Image processing uses the LLM's vision capabilities, so very large images may be downscaled. Document files are capped at approximately 1.5 MB for inbound processing due to the way file data is transferred to the agent's server. Files with blocked extensions (executables, scripts, archives) are rejected for security.

Outbound Files (Agent to User)

The agent can upload files to Slack channels and DMs. This uses Slack's modern 3-step upload API (the legacy files.upload endpoint was sunset in November 2025):

1. Request upload URL: The agent calls files.getUploadURLExternal to get a presigned URL and file ID.
2. Upload binary data: The file content is uploaded to the presigned URL.
3. Complete and share: The agent calls files.completeUploadExternal to share the file to the target channel or thread.

This allows the agent to share generated reports, exported data, created images, code files, or any other document type directly in the conversation.

Security: OAuth Tokens and Workspace Isolation

Slack integration introduces a new set of security considerations. Your bot token has real permissions in your workspace. Handling it correctly is non-negotiable.

Workspace-Level vs. User-Level Tokens

Slack provides two types of tokens:

• Bot tokens (xoxb-): Workspace-level. Controlled by workspace admins. The bot acts as itself, not as any specific user. Permissions are limited to the scopes you configured. This is what you should use for AI agents.
• User tokens (xoxp-): Act on behalf of an individual user. They inherit that user's permissions, which can include reading any channel, managing workspace settings, and more. Do not use user tokens for AI agents. The attack surface is dramatically larger.

Always use bot tokens. They have a clearly defined, minimal permission set that you control through OAuth scopes.

Token Storage

Your xoxb- bot token is the key to your Slack workspace. If it leaks, an attacker can read messages, post as your bot, download files, and more. Proper storage is essential:

• Never store tokens in plain text in configuration files, version control, or environment variable files that are committed to Git.
• Use encrypted storage. Tokens should be encrypted at rest using AES-256-GCM or equivalent. Decrypt only when needed for API calls.
• Rotate tokens periodically. If you suspect a token has been compromised, revoke it immediately in the Slack app settings and generate a new one.
• Limit access. Only the services that need the token should have access to it. On a self-hosted setup, this means the token lives in your .env file on the server, not in a shared secrets store that other services can access.

Webhook Verification

Every incoming webhook from Slack should be verified using HMAC-SHA256 signature verification. Slack signs every request with your app's Signing Secret. The verification process:

1. Extract the X-Slack-Request-Timestamp and X-Slack-Signature headers from the incoming request.
2. Reject requests with timestamps older than 5 minutes (replay attack protection).
3. Compute the expected signature: v0=HMAC-SHA256(signing_secret, "v0:{timestamp}:{raw_body}").
4. Compare signatures using a timing-safe comparison function to prevent timing attacks.

Without this verification, anyone who discovers your webhook URL can send fake events to your agent, potentially tricking it into executing commands or leaking information. On ClawTrust, signature verification is built into the webhook handler and cannot be disabled.

DM Pairing

DM pairing is an OpenClaw security feature that requires explicit approval before the agent responds to a new user's DM. Without pairing, any user in your Slack workspace (including guests, contractors, and shared-channel members) can interact with your agent immediately.

With pairing enabled, new DM conversations require approval from an admin or the account owner. This prevents unauthorized users from querying your agent for sensitive information or triggering automated workflows.

For most business deployments, DM pairing should be enabled. The only exception is fully public-facing agents where you intentionally want anyone to interact with them.

Troubleshooting Common Issues

Slack integration is generally reliable, but there are common issues that trip people up during setup and ongoing operation.

Bot Not Responding to Messages

Problem: You send a message in a channel or DM and the bot does not respond.

Check these in order:

1. Is the bot invited to the channel? Bots do not receive events from channels they have not been invited to. Use /invite @BotName.
2. Are Event Subscriptions enabled? Go to your Slack app settings and verify that Event Subscriptions are toggled on and your Request URL shows a green checkmark.
3. Is your webhook endpoint reachable? Slack needs to reach your server over HTTPS. If you are self-hosting, make sure your domain has a valid SSL certificate and your firewall allows inbound HTTPS traffic to the webhook endpoint.
4. Check the OpenClaw logs. Run docker compose logs openclaw on your server. Look for incoming Slack event messages and any error responses.
5. Is the bot token valid? Tokens can be revoked if the app is reinstalled or the workspace admin resets credentials. Verify the token starts with xoxb- and test it with a simple API call: curl -H "Authorization: Bearer xoxb-YOUR-TOKEN" https://slack.com/api/auth.test
6. Is the AI model API key working? The agent might receive the message but fail to generate a response because the AI provider returned an error. Check your OpenRouter or model provider dashboard for failed requests.

Bot Responding to Its Own Messages

Problem: The bot enters an infinite loop, responding to its own messages.

Solution: Every Slack event includes a bot_id field if the message was sent by a bot. Your event handler should check if the sender's bot ID matches your app's bot user ID, and ignore those events. OpenClaw's built-in Slack plugin handles this automatically. If you are writing a custom handler, always filter out self-messages.

Duplicate Responses

Problem: The bot sends two or three responses to the same message.

Cause: Slack retries event delivery if it does not receive a 200 response within 3 seconds. If your agent takes longer than 3 seconds to process a message (which is common for LLM responses), Slack sends the event again. Your handler processes it a second time, resulting in a duplicate response.

Solution: Return a 200 response immediately when you receive the event, then process the message asynchronously. Use message deduplication based on the event's timestamp or event ID to prevent processing the same event twice. On ClawTrust, events are processed via an async job queue with built-in deduplication.

Files Not Being Processed

Problem: Users share files but the agent does not acknowledge or process them.

Check:

• Verify the files:read scope is added to your bot token scopes.
• Check that your event subscription includes message.channels, message.groups, or message.im (file events come as part of message events, not as separate events).
• For images, verify your agent has vision model capabilities enabled. Not all LLMs support image input.
• For documents, check that the file is under the size limit (approximately 1.5 MB for inbound processing) and is not a blocked file type.

Rate Limiting

Problem: Slack returns 429 errors or the bot stops responding during high-volume periods.

Cause: Slack enforces rate limits on API calls. The chat.postMessage endpoint allows approximately 1 message per second per channel. If your agent tries to send multiple messages rapidly (e.g., responding to a backlog of messages after downtime), it will hit rate limits.

Solution: Implement exponential backoff for API calls. When you receive a 429 response, check the Retry-After header and wait the specified number of seconds before retrying. Queue outgoing messages and send them with appropriate spacing.

Advanced Configuration

Customizing the Bot Profile

Beyond the per-message identity override with chat:write.customize, you can customize the bot's default profile:

1. Go to your Slack app settings.
2. Click App Home.
3. Set the bot's Display Name and Default Username.
4. Upload an app icon under Basic Information > Display Information.

The default profile is used in DMs and in any channel message where the identity override is not applied. Make it descriptive and professional.

Slash Commands

You can add slash commands to your Slack app for quick actions:

1. Go to Slash Commands in your app settings.
2. Click Create New Command.
3. Set the command (e.g., /agent), request URL, and description.

Slash commands are useful for structured interactions: /agent status, /agent summarize #channel, or /agent create-ticket "Bug in login flow". They provide a clear, predictable interface for common actions.

Interactive Messages

Slack supports interactive components in messages: buttons, dropdown menus, date pickers, and modal dialogs. While OpenClaw does not natively generate interactive messages, you can build custom skills that format responses with Slack's Block Kit markup. This enables approval workflows, interactive forms, and multi-step processes directly in Slack.

Managed Slack on ClawTrust

Everything described above is the DIY approach. It works, and if you enjoy configuring infrastructure, it is a worthwhile exercise. But it is also hours of setup, testing, and ongoing maintenance.

On ClawTrust, Slack integration is a managed service. Here is what that means in practice.

Multi-Agent Routing, Configured from Your Dashboard

ClawTrust's multi-agent Slack gateway handles all routing logic automatically. You configure everything from the dashboard:

• Assign agents to channels: Drag and drop. Support agent handles #customer-support. DevOps agent handles #incidents.
• Set mention keywords: Type the keywords that route messages to each agent. "alex" and "support" route to the support agent. "dev" and "deploy" route to the DevOps agent.
• Configure DM routing: Choose how new users are assigned to agents. Auto-assign if you have one agent. Interactive prompt if you have multiple.
• Set a default agent: One agent catches everything that does not match a specific route.

Per-Agent Identity

Each agent posts with its own custom username and avatar. Set the display name and upload an avatar image for each agent in the dashboard. In channels where multiple agents operate, your team always knows exactly which agent is responding.

The identity override uses a single workspace-level bot token with the chat:write.customize scope. You install one Slack app to your workspace. ClawTrust handles the per-message identity switching behind the scenes.

Image Support

When a user shares an image in a Slack conversation with your agent, ClawTrust automatically downloads the image, converts it to the correct format, and forwards it to the agent's vision-capable LLM. The agent can describe images, extract text from screenshots, analyze charts, identify objects, and more.

This works seamlessly with OpenClaw's vision capabilities. The user shares an image in Slack. The agent responds with analysis. No configuration required.

File Uploads

ClawTrust handles the full 3-step Slack file upload flow for outbound files. When your agent generates a report, creates a document, or exports data, it can share the file directly to any Slack channel or DM thread. The modern upload API is handled automatically, with no need to deal with presigned URLs or completion callbacks in your agent's configuration.

Inbound document files (PDFs, spreadsheets, text files) are downloaded from Slack and saved to the agent's secure workspace. The agent is notified of the new file and can process it using its available tools.

Security, Built In

All Slack tokens are encrypted at rest using AES-256-GCM on ClawTrust's control plane. Webhook signature verification using HMAC-SHA256 is always active and cannot be bypassed. Replay protection rejects events older than 5 minutes. The bot token never touches the agent's VPS directly. It stays on the control plane, and ClawTrust proxies the necessary Slack API calls.

This is the same security architecture that protects every other aspect of your agent's infrastructure. Learn more about ClawTrust's approach to OpenClaw security hardening.

One-Click Setup

On ClawTrust, connecting Slack to your agent takes about two minutes:

1. Click "Connect Slack" on your agent's dashboard page.
2. Authorize the ClawTrust Slack app in your workspace.
3. Configure agent routing (channels, keywords, DM assignment).
4. Done. Your agent is live in Slack.

No Slack app creation. No OAuth scope configuration. No webhook URL setup. No signing secret management. ClawTrust handles the app, the permissions, the webhook processing, and the token security.

OpenClaw Slack Plugin Configuration Reference

For self-hosted users who want a quick reference, here is the complete configuration with all options:

# OpenClaw Slack Plugin Configuration
plugins:
  entries:
    slack:
      enabled: true

channels:
  slack:
    botToken: "${SLACK_BOT_TOKEN}"           # xoxb- token (required)
    signingSecret: "${SLACK_SIGNING_SECRET}"  # For webhook verification (required)
    dmPolicy: "pairing"                       # "pairing" (recommended) or "open"

    # Optional: App-level token for Socket Mode (not recommended for production)
    # appToken: "${SLACK_APP_TOKEN}"          # xapp- token

    # Optional: Channel-specific behavior
    # channelPolicy: "mention"               # "all" or "mention" (respond to @mentions only)

For a complete OpenClaw installation walkthrough, see our How to Set Up OpenClaw guide. For hardening your self-hosted instance, see the Security Hardening Guide.

Frequently Asked Questions

Can I connect multiple Slack workspaces to one agent?

Yes. A single agent can serve multiple Slack workspaces. Each workspace has its own bot token and configuration. This is useful for agencies or businesses that operate across multiple Slack workspaces.

Does the agent maintain conversation history across channels?

The agent maintains context within a conversation thread. DM conversations have their own history. Channel threads have their own history. The agent does not carry context from a DM into a channel response or vice versa, which is important for privacy.

Can the agent read messages from before it was invited to a channel?

No. The bot only receives events for messages sent after it joins a channel. It cannot access historical messages unless you explicitly use the Conversations API to fetch history, which requires the channels:history scope.

What happens if the agent's server goes down?

Slack will retry event delivery for up to 3 hours when your webhook endpoint is unreachable. When the server comes back online, it will receive and process the queued events. On ClawTrust, health monitoring detects downtime within 15 minutes and auto-remediates common issues (container restarts, process recovery).

Get Started

Slack is the natural home for team AI agents. Your people are already there. The infrastructure supports rich interactions, file sharing, and multi-agent identity. And with proper security, your agent can operate as a trusted team member, not a liability.

Whether you are self-hosting OpenClaw or using ClawTrust, the setup is straightforward. The self-hosted path gives you full control. The managed path gets you running in minutes.

Deploy Your Agent to Slack See the Security Architecture

Chris DiYanni is the founder of ClawTrust. Previously at Palo Alto Networks, SentinelOne, and PagerDuty. He builds security infrastructure so businesses can trust their AI agents with real work.