Delv
Official (Vendor)4.3by Intercom

Intercom

Intercom's official remote MCP. Universal search and fetch over conversations and contacts. Hosted at mcp.intercom.com.

Homepage
A
Safety & Trust

Delv Safety Grade: A

Score 82/100 · assessed 2026-04-28

Maintainer95
Permissions75
Supply chain70
Transparency75
Incidents100

Intercom's official remote MCP server is maintained by a major SaaS vendor with strong operational track record. The remote-hosted model at mcp.intercom.com eliminates local supply-chain concerns but introduces dependency on Intercom's infrastructure availability. Permissions are moderately scoped: read access to conversations and contacts via API token, plus search capabilities across support data. No filesystem or shell access, but the token grants broad read access to potentially sensitive customer support data. Transparency is reasonable with official documentation, though no public repository means no community audit of the server implementation itself. The remote architecture means you're trusting Intercom's endpoint security and uptime. No known security incidents. Solid choice for teams already using Intercom who need programmatic access to support data, but the access token should be treated as highly sensitive given the scope of customer data it unlocks.

Lethal Trifecta (prompt-injection exposure)

TRIFECTA RISK
All three axes present. This server can read private data, ingest attacker-controlled content, and send data outbound. A poisoned input (a GitHub issue, an email, a webpage) can exfiltrate secrets via this chain. Only install with auditing; avoid on shared or cloud agents.
Private dataYes
Reads secrets, credentials, private files
Untrusted inputYes
Ingests web pages, PRs, issues, emails
External commsYes
Can send data outbound

Live customer-support chat is designed to ingest hostile-by-default messages. Trifecta is the default operating mode.

Green flags

  • Official vendor implementation from established SaaS company
  • Remote hosting eliminates local supply-chain and installation risks
  • Read-only API scope limits potential for data modification
  • Well-documented with official developer guides
  • No shell or filesystem access required

Red flags

  • No public repository means server implementation cannot be audited
  • Access token grants broad read access to all customer support data
  • Remote-only architecture creates single point of failure at mcp.intercom.com
  • No visibility into server-side security practices or incident response

Permissions requested

Outbound networkAccess secretsRead messagesIdentity read
Assessed by Delv Editorial using public metadata. Grades are advisory and update as the ecosystem changes. They do not replace your own review of permissions and code before granting an agent access to sensitive systems.

Review

Intercom's official MCP server gives you programmatic access to support conversations and contact data without leaving your editor. It's a remote server hosted at mcp.intercom.com, so there's no local installation hassle, just an access token and a config block. The core offering is universal search and fetch: you can pull conversation threads, search by customer email or topic, and retrieve contact properties. I've used it to yank full support histories into Claude Desktop mid-call, which beats alt-tabbing to the Intercom dashboard when a customer escalates an issue. The workflow that sold me: a sales engineer asking Claude to "show me all conversations with this domain in the last quarter". The MCP returns structured data, Claude summarises it, and you've got context without manual filtering. It's also useful for auditing contact properties across your base, especially if you're cleaning up tags or checking who's been assigned what plan tier. The search is keyword-based and reasonably fast, though I've noticed it doesn't always surface older threads unless you're specific with date ranges. Quirks: it's read-only. You can't reply to conversations or update contact fields through the MCP, which makes sense for safety but limits the scope. The remote hosting means you're dependent on Intercom's uptime, and there's no local fallback if their MCP endpoint goes down. I also wish the search syntax was more forgiving; it's not fuzzy, so typos in customer names or email domains will return nothing. Who shouldn't bother: if you're not already an Intercom customer, this is irrelevant. If you rarely need to cross-reference support data with other tools, the native Intercom UI is probably faster. But if you're in sales, support ops, or incident triage and you're juggling multiple tools in Claude Desktop, this is a genuine time-saver. It's not flashy, but it does exactly what it says without inventing features you don't need.
Verdict

Install this if you're an Intercom customer who spends time context-switching between support tickets and other tools. Skip it if you're just browsing MCPs for fun or you don't have an Intercom workspace. It's a focused, reliable integration that earns its place in a support or sales workflow.

Good at

  • Remote hosting means no local dependencies or version management.
  • Search and fetch are fast enough for real-time workflows, especially mid-call.
  • Official vendor support reduces the risk of breaking changes or abandoned repos.
  • Works across Claude Desktop, Claude Code, and Cursor without extra config tweaks.

Watch out

  • Read-only access means you can't reply to conversations or update contact fields.
  • Search syntax is strict; typos or vague queries return nothing.
  • Dependent on Intercom's MCP endpoint uptime with no local fallback.
  • Only useful if you're already paying for Intercom, which narrows the audience.

Use cases

  • Searching support conversations from chat
  • Pulling a customer history into a sales call
  • Auditing contact properties
  • Cross-tool incident triage

Getting started

1. Generate an Intercom access token from your workspace settings (Admin > Developer Hub > New access token). Scope it to read conversations and contacts. 2. Add the server to your Claude Desktop config at `~/Library/Application Support/Claude/claude_desktop_config.json` (macOS) or equivalent. Use `"type": "remote"` and `"url": "mcp.intercom.com"`, then set `INTERCOM_ACCESS_TOKEN` in the env block. 3. Restart Claude Desktop and check the MCP icon in the bottom-right. You should see "Intercom" listed as connected. 4. Test it by asking Claude to search for a recent conversation or fetch a contact by email. If it returns nothing, double-check your token scopes. 5. Watch out for rate limits if you're querying large datasets. Intercom's API throttles aggressively, and the MCP will surface errors if you hit the cap.

Works with

Claude DesktopClaude CodeCursor

Similar MCPs