Cursor + Slack: How to Let Your AI Dev Agent Post Status Updates
Your AI coding agent just fixed a bug and opened a PR. Should it also post to #engineering? Only if you've set it up intentionally — here's how to do it without handing Cursor the keys to every channel.
Cursor can notify your team when it opens a PR, finishes a refactor, or hits a blocker. That's genuinely useful in a team environment. The same connection, configured carelessly, lets your AI agent post to any channel at any time — including DMs, announcements, and channels it has no business touching.
When Cursor-to-Slack Makes Sense
PR opened
Posts a summary to #engineering with the branch name and what changed
Build failed
Notifies #dev-alerts when a Vercel deploy fails with the error summary
Task completed
Posts a completion note when a multi-step refactor is done
Needs unblocking
Sends a message when the agent hits something it needs your input on
The Risk of Unconfigured Slack Access
What can go wrong
Without channel-scoped permissions, a Cursor agent with Slack access can post to any channel it discovers — including #announcements, #general, client channels, or executive DMs. An ambiguous prompt like "let the team know" can result in messages going places nobody intended.
Step 1: Connect Slack in Stow
- Navigate to Connected Services → Add New Service → Slack
- Click Connect and complete the OAuth flow — authorize Stow to access your Slack workspace
- Stow stores the OAuth token; Cursor never holds it directly
Step 2: Configure Slack Permissions
Recommended Configuration for Dev Workflows
Posting to DMs can flow freely — Cursor sending you a private update is low risk. Posting to channels needs approval — once it's in a channel, your whole team sees it. Set it to approval-required and you get a preview before it posts.
Step 3: Connect Cursor to Stow
- In Stow, go to AI Agents → + Add Agent, name it "Cursor", generate a Client Secret
- In Cursor Settings, go to Tools & MCP → + New MCP Server and add the SSE config
Prompts That Work Well
Channel Scope: The Practical Approach
The most effective setup is a dedicated channel — something like #cursor-updates — where Cursor posts status messages with full permission. You get team visibility without the risk of Cursor accidentally posting to a client-facing or high-traffic channel.
Set posting to #cursor-updates to Allowed. Set posting to everything else to Approval Required or Off. Cursor announces things where you've told it to announce them, and nowhere else.
What Gets Logged
Stow Security Team
April 19, 2026