slack-expert-skill_skill

This skill helps you build secure, scalable Slack apps with Bolt, Block Kit, OAuth, and API integrations.
  • Python

21

GitHub Stars

1

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill 404kidwiz/claude-supercode-skills --skill slack-expert-skill

  • SKILL.md12.6 KB

Overview

This skill provides hands-on Slack platform engineering for building, migrating, and securing Slack apps and bots. It focuses on @slack/bolt implementations (Node/Python patterns), Block Kit UI design, OAuth V2 with PKCE, event handling, and robust API integrations. The goal is production-ready Slack apps with strong security, observability, and user-friendly interactive components.

How this skill works

I inspect your existing Slack app code, manifest, and API usage to find deprecated patterns, security gaps, and scalability issues. I design and implement event handlers, Block Kit layouts, interactive workflows, and OAuth installation flows, then add signature verification, token management, rate-limit handling, and monitoring. Deliverables include working app code, UI JSON for Block Kit, deployment configuration, and testing guidance.

When to use it

  • Building a new Slack app, bot, or interactive workflow
  • Migrating legacy attachments or deprecated APIs to Block Kit and conversations.*
  • Implementing OAuth V2 installation with PKCE and secure token storage
  • Adding slash commands, shortcuts, modals, or complex modal flows
  • Securing a Slack integration with signature verification and token rotation

Best practices

  • Keep secrets in environment variables or a secret manager; never commit tokens
  • Verify request signatures and timestamps in production to prevent replay attacks
  • Prefer Block Kit blocks over legacy attachments for consistent UI
  • Implement exponential backoff and respect rate limit headers
  • Use Socket Mode for local dev and HTTP mode for production with proper ingress

Example use cases

  • Create an approval workflow with interactive approve/reject buttons, modal details, and audit logging
  • Implement OAuth V2 with PKCE, installation endpoints, token rotation, and workspace verification
  • Audit and migrate a bot from channels.* and attachments to conversations.* and Block Kit
  • Add comprehensive error handling, retries for transient failures, and monitoring alerts
  • Design Home tab and multi-step modals for a richer in-app experience

FAQ

I do not access production workspaces without authorization; development and staging installations are recommended for testing.

Which mode is recommended for local development?

Socket Mode is recommended for local development; switch to HTTP mode for production with secure ingress and signature verification.

How are tokens stored and rotated?

Use secure secret storage or a vault, store only encrypted tokens, and implement periodic rotation and revocation workflows.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational