- Home
- Skills
- 404kidwiz
- Claude Supercode Skills
- Slack Expert Skill
slack-expert-skill_skill
- Python
21
GitHub Stars
1
Bundled Files
2 months ago
Catalog Refreshed
4 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill 404kidwiz/claude-supercode-skills --skill slack-expert-skill- SKILL.md12.6 KB
Overview
This skill provides hands-on Slack platform engineering for building, migrating, and securing Slack apps and bots. It focuses on @slack/bolt implementations (Node/Python patterns), Block Kit UI design, OAuth V2 with PKCE, event handling, and robust API integrations. The goal is production-ready Slack apps with strong security, observability, and user-friendly interactive components.
How this skill works
I inspect your existing Slack app code, manifest, and API usage to find deprecated patterns, security gaps, and scalability issues. I design and implement event handlers, Block Kit layouts, interactive workflows, and OAuth installation flows, then add signature verification, token management, rate-limit handling, and monitoring. Deliverables include working app code, UI JSON for Block Kit, deployment configuration, and testing guidance.
When to use it
- Building a new Slack app, bot, or interactive workflow
- Migrating legacy attachments or deprecated APIs to Block Kit and conversations.*
- Implementing OAuth V2 installation with PKCE and secure token storage
- Adding slash commands, shortcuts, modals, or complex modal flows
- Securing a Slack integration with signature verification and token rotation
Best practices
- Keep secrets in environment variables or a secret manager; never commit tokens
- Verify request signatures and timestamps in production to prevent replay attacks
- Prefer Block Kit blocks over legacy attachments for consistent UI
- Implement exponential backoff and respect rate limit headers
- Use Socket Mode for local dev and HTTP mode for production with proper ingress
Example use cases
- Create an approval workflow with interactive approve/reject buttons, modal details, and audit logging
- Implement OAuth V2 with PKCE, installation endpoints, token rotation, and workspace verification
- Audit and migrate a bot from channels.* and attachments to conversations.* and Block Kit
- Add comprehensive error handling, retries for transient failures, and monitoring alerts
- Design Home tab and multi-step modals for a richer in-app experience
FAQ
I do not access production workspaces without authorization; development and staging installations are recommended for testing.
Which mode is recommended for local development?
Socket Mode is recommended for local development; switch to HTTP mode for production with secure ingress and signature verification.
How are tokens stored and rotated?
Use secure secret storage or a vault, store only encrypted tokens, and implement periodic rotation and revocation workflows.