Skip to main content

Available tools

SlackHive agents can use three categories of tools:

Always-allowed tools

Two tools are always available to every agent regardless of permissions settings:
ToolPurpose
ReadRead files from the agent’s working directory. Used to read project context, CLAUDE.md, and reference files.
WriteWrite files to the agent’s working directory. Required for the memory system — agents must be able to write memory/*.md files.
These tools cannot be removed via the permissions UI. They are hardcoded in the runner as alwaysAllowed = ['Read', 'Write'].

MCP server tools

Tools provided by assigned MCP servers. Each tool is prefixed with mcp__{serverName}__:
  • mcp__redshift__query — a query tool from a server named redshift
  • mcp__github__create_issue — a create_issue tool from a server named github
  • mcp__filesystem__read_file — a read_file tool from a server named filesystem
All tools from all assigned MCP servers are automatically allowed when a server is assigned to an agent. To restrict specific tools, use the denylist.

Additional Claude tools

The Claude Code provides built-in tools beyond Read and Write. These can be added to the agent’s allowlist:
ToolDescription
BashExecute shell commands
EditMake targeted edits to files
MultiEditMake multiple edits to a file at once
GlobFind files by pattern
GrepSearch file contents
LSList directory contents
WebFetchFetch content from a URL
WebSearchSearch the web
TodoReadRead the agent’s task list
TodoWriteUpdate the agent’s task list

Configuring permissions

Agent tool permissions are managed from the Tools tab on the agent’s detail page.

Allowlist

Tools in the allowlist are available to the agent. The effective tool set is: 
effective = (alwaysAllowed + allowlist + mcpToolPrefixes) - denylist
To add a tool, type its name (e.g. Bash, WebFetch) or paste an MCP tool prefix (e.g. mcp__redshift) to allow all tools from that server.

Denylist

Tools in the denylist are blocked even if they appear in the allowlist. Use this to selectively exclude tools from an MCP server you’ve otherwise allowed. For example, to allow a GitHub MCP server but block the delete_branch tool:
  • Allowlist: mcp__github (allows all GitHub tools)
  • Denylist: mcp__github__delete_branch (blocks this specific tool)

Default behavior

When no permissions are configured for an agent:
  • Read and Write are always available
  • All tools from assigned MCP servers are available
  • No additional Claude Code tools are available

Permission mode

All SlackHive agents run with permissionMode: 'acceptEdits'. This means:
  • File edits and tool use are automatically approved without prompting
  • Claude does not need to ask for confirmation before running tools
  • The only control is through the allowlist/denylist
This is appropriate for the Slack context where agents are expected to act autonomously.

MCP server tool prefixes

When you assign an MCP server to an agent, its tool prefix (mcp__{serverName}) is automatically added to the allowlist. Removing the server from the agent removes the prefix from the allowlist. If you want to assign an MCP server but only allow specific tools from it:
  1. Assign the server (adds mcp__{serverName} prefix)
  2. Add the specific tools you want to the allowlist directly (e.g. mcp__redshift__query)
  3. Add mcp__{serverName} to the denylist to remove the broad prefix
Or equivalently, don’t assign the server via the UI but manually add the specific tool names to the allowlist.

Best practices

  • Keep allowlists minimal: Only add tools the agent actually needs for its role
  • Boss agents need no tools: Boss agents should not have MCP servers or extra tools — they delegate rather than act
  • Use Bash carefully: Shell access is powerful; only add it to agents where it’s necessary
  • Use denylist for destructive tools: If an MCP server has delete/destroy tools you don’t want the agent to use, add them to the denylist
  • Write is required for memory: Never add Write to the denylist — it breaks the memory system