Why Permissions Matter Before You Do Anything Else
Deploying an autonomous AI agent into your Slack workspace is genuinely powerful — but power without boundaries creates noise, security gaps, and the occasional accidental mass-email to your entire customer list. Before you connect SlackClaw to your first tool or let it loose on a Linear backlog, taking twenty minutes to configure permissions correctly will save you hours of cleanup later.
OpenClaw's permission model is designed around a simple principle: the agent should have access to exactly what it needs, nothing more. Because SlackClaw runs on a dedicated server per team, your configuration is isolated from other workspaces — but that doesn't mean every user in your Slack should be able to invoke every capability the agent has. This guide walks you through the full permission stack, from Slack channel access down to individual tool scopes.
Understanding the Permission Layers
There are three distinct layers where permissions apply in a SlackClaw deployment. Confusing these is the most common source of "why can't the agent do X?" support questions.
- Slack-level permissions: Which channels the bot is invited to, and which users or user groups can trigger it.
- Tool-level permissions: What the agent is authorized to do within each connected integration (GitHub, Jira, Gmail, Notion, etc.).
- Skill-level permissions: Which custom skills are enabled for which users or channels, and whether those skills can act autonomously or require human approval.
Getting all three right is what separates a well-behaved agent from one that your team gradually learns to distrust.
Configuring Slack-Level Access
Inviting the Bot to Channels
SlackClaw won't join channels on its own — you explicitly invite it, which is the first meaningful access control. Use the standard Slack invite flow:
/invite @SlackClaw
Only invite the bot to channels where it genuinely needs to operate. A good starting pattern is to begin with a single #ai-assistant channel, validate behavior, and expand from there. Resist the temptation to drop it into every channel on day one.
Restricting Who Can Trigger the Agent
Inside the SlackClaw admin dashboard, navigate to Settings → Access Control → Slack Triggers. You'll see three modes:
- Everyone in workspace — Any member who can message a channel where the bot lives can invoke it.
- Specific user groups — Tie invocation rights to existing Slack user groups (e.g., @engineering, @ops-team).
- Allowlist by email or user ID — Precise control, useful during rollout or for sensitive automations.
For most teams, starting with Specific user groups is the right balance. It lets you expand access incrementally without reworking your configuration every time someone new joins.
Tip: SlackClaw's persistent memory means the agent builds context about your team over time. Limiting early access to power users helps ensure the memory it accumulates is high-quality and representative before you open it up broadly.
Configuring Tool-Level Permissions
This is where most of the nuance lives. SlackClaw connects to 800+ tools via one-click OAuth, which makes setup fast — but fast setup can mean overly broad scopes if you're not paying attention.
The OAuth Authorization Flow
When you connect a tool, you'll go through a standard OAuth consent screen. The key discipline here is to read the requested scopes before clicking Accept. For most integrations, SlackClaw requests a sensible default set, but you can narrow these in Settings → Integrations → [Tool Name] → Manage Scopes after the initial connection.
Here's a practical breakdown for common tools:
- GitHub: If the agent only needs to read issues and open PRs, revoke the delete_repo and admin:org scopes. You don't need them, and removing them limits blast radius.
- Gmail: Consider using a dedicated service account rather than a personal account, and restrict to gmail.send and gmail.readonly unless compose/draft access is genuinely required.
- Notion: Grant access only to the specific workspace pages or databases the agent will interact with, not the entire workspace.
- Jira / Linear: Read access plus issue creation is usually sufficient. Reserve transition and delete permissions for explicitly approved automations.
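A scope review like the one described above can be scripted. This is an added example, not SlackClaw or OpenClaw code: it compares granted scopes with a least-privilege allowlist, handling both GitHub's comma-separated scope list (as in its `X-OAuth-Scopes` response header) and Google's space-separated scope URLs. The allowlists and the sample grants are assumptions constructed for illustration.

```python
# Added example: audit granted OAuth scopes against a least-privilege allowlist.
import re

GOOGLE_PREFIX = "https://www.googleapis.com/auth/"

# Assumed allowlists for an agent that reads issues, opens PRs and handles mail.
ALLOWED = {
    "github": {"repo"},                         # assumption: private-repo issues + PRs
    "gmail": {"gmail.send", "gmail.readonly"},  # scopes named in the guide
}
# Scopes the guide says to revoke, reported separately as high risk.
HIGH_RISK = {"github": {"delete_repo", "admin:org"}}


def parse_scopes(raw):
    """Split a scope string on commas and/or whitespace and normalise it.

    GitHub lists scopes comma-separated; Google lists them space-separated
    as full URLs, so the common URL prefix is stripped for comparison.
    """
    scopes = set()
    for item in re.split(r"[,\s]+", raw.strip()):
        if item:
            scopes.add(item.removeprefix(GOOGLE_PREFIX))
    return scopes


def audit(tool, raw_scopes):
    """Return (excess, high_risk) scope sets for one integration.

    A tool with no allowlist entry fails closed: every scope is excess.
    """
    granted = parse_scopes(raw_scopes)
    excess = granted - ALLOWED.get(tool, set())
    return excess, excess & HIGH_RISK.get(tool, set())


# Constructed sample grants, not captured from a real workspace.
SAMPLE_GRANTS = {
    "github": "repo, delete_repo, admin:org",
    "gmail": GOOGLE_PREFIX + "gmail.send https://mail.google.com/",
}

if __name__ == "__main__":
    for tool, raw in SAMPLE_GRANTS.items():
        excess, risky = audit(tool, raw)
        print(f"{tool}: excess={sorted(excess)} high_risk={sorted(risky)}")
```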
Setting Up Approval Gates for Destructive Actions
For any action that's hard to reverse — sending emails, closing tickets, pushing to a main branch, deleting records — configure an approval gate. In SlackClaw, this is done per-integration:
Settings → Integrations → [Tool Name] → Action Rules
Add Rule:
Action: create_pull_request → base: main
Require approval from: @engineering-leads
Approval channel: #ai-approvals
Timeout: 30 minutes (then: cancel)
Approval requests surface as interactive Slack messages, so your team doesn't need to leave the workspace to review them. The agent pauses, posts the approval card, and only proceeds when a designated approver clicks Authorize.
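The gate semantics described above (pause, wait for a designated approver, cancel on timeout) can be modelled as a small fail-closed decision function. This is an added example, not SlackClaw's implementation: `ActionRule`, `decide`, the group roster and the user IDs are hypothetical, and ignoring self-approval is an extra assumption the guide does not state.

```python
# Added example: fail-closed approval gate modelled on the rule shown above.
from dataclasses import dataclass


@dataclass(frozen=True)
class ActionRule:
    action: str
    match: dict           # parameters that must all match, e.g. {"base": "main"}
    approver_group: str
    timeout_s: int        # once exceeded, the request is cancelled


RULES = [ActionRule("create_pull_request", {"base": "main"},
                    "@engineering-leads", 30 * 60)]
GROUPS = {"@engineering-leads": {"U_LEAD1", "U_LEAD2"}}  # constructed user IDs


def matching_rule(action, params):
    """Return the first rule whose action and parameters match, else None."""
    for rule in RULES:
        if rule.action == action and all(
                params.get(k) == v for k, v in rule.match.items()):
            return rule
    return None


def decide(action, params, requester, requested_at, clicks, now):
    """Return 'allow', 'pending' or 'cancel' for one agent action.

    clicks: (user_id, timestamp, "authorize" | "deny") button events.
    """
    rule = matching_rule(action, params)
    if rule is None:
        return "allow"                    # no gate configured for this action
    deadline = requested_at + rule.timeout_s
    approvers = GROUPS.get(rule.approver_group, set())
    for user, ts, verdict in sorted(clicks, key=lambda c: c[1]):
        # Ignore non-approvers, self-approval (assumption) and late clicks.
        if user not in approvers or user == requester or ts > deadline:
            continue
        return "allow" if verdict == "authorize" else "cancel"
    return "cancel" if now > deadline else "pending"
```

The earliest valid click wins, and a missing or empty approver group can never yield `allow`, so a misconfigured rule blocks the action instead of silently letting it through.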
Configuring Skill-Level Permissions
Built-In vs. Custom Skills
OpenClaw ships with a set of built-in skills (web search, document summarization, code execution, etc.) and SlackClaw exposes these through the skills configuration panel. Custom skills — workflows you've defined yourself — follow the same permission model but need to be enabled explicitly.
To enable a skill for a specific channel or user group:
- Go to Settings → Skills → Manage Skills.
- Select the skill you want to configure.
- Under Availability, choose All channels, Specific channels, or Specific users.
- Set the execution mode: Autonomous or Confirm before running.
- Save and test with a direct message to the bot in the target channel.
Autonomous vs. Confirm Mode
The execution mode setting is one of the highest-leverage permission controls in the system. In Confirm before running mode, the agent describes what it's about to do and waits for a thumbs-up before executing. In Autonomous mode, it acts immediately based on context.
A sensible default policy:
- Start all skills in Confirm before running mode.
- Promote to Autonomous only after you've seen the skill behave correctly at least five to ten times in your environment.
- Keep any skill that touches external communication (email, Slack DMs, calendar invites) in Confirm mode indefinitely unless you have a very specific, well-understood use case.
Memory and Context Permissions
SlackClaw's persistent memory is one of its most valuable features — the agent remembers project context, user preferences, prior decisions, and team conventions across sessions. But memory is also a permission surface worth thinking about.
In Settings → Memory → Access Control, you can configure:
- Memory scope: Whether context accumulated in one channel is visible to the agent in other channels, or kept strictly per-channel.
- User data retention: How long individual user interaction history is retained (relevant for compliance-sensitive teams).
- Memory visibility: Whether users can view and edit the agent's stored context about them via the /slackclaw memory command.
For most teams, workspace-wide memory scope gives the agent the richest context and makes it genuinely more useful over time. If you're in a regulated industry or have strict data segregation requirements between departments, per-channel scope is the safer starting point.
A Quick Pre-Launch Checklist
Before you announce SlackClaw to the broader team, run through this list:
- Bot is only invited to channels where it's needed.
- Invocation access is scoped to a pilot user group, not the entire workspace.
- Each connected integration has been reviewed for unnecessary scopes.
- Approval gates are configured for any action that modifies external systems.
- All custom skills are in Confirm before running mode.
- Memory scope matches your team's data sharing expectations.
- At least one admin has verified they can view and audit memory contents.
Permissions Evolve — Build a Review Habit
Permissions aren't a one-time configuration. As your team adds new integrations from SlackClaw's library, builds additional custom skills, and the agent accumulates more context, your permission model needs to grow with it. A monthly five-minute review of connected integrations and active skills is enough to catch scope creep before it becomes a problem.
Because SlackClaw uses credit-based pricing with no per-seat fees, there's no financial pressure to add users faster than your permission model can accommodate — you can grow access deliberately, which is exactly the right way to deploy an autonomous agent inside a team environment.
Get the permissions right early, and the agent becomes something your team trusts. Get them wrong, and you'll spend more time managing the agent than benefiting from it.