Delv
Community · Stale · 3mo · 3.7 · by tsmztech

Salesforce

Salesforce SOQL, record CRUD, and metadata browsing. Salesforce admins use this to debug + populate sandbox data.

Safety & Trust

Delv Safety Grade: C

Score 58/100 · assessed 2026-04-28

  • Maintainer: 45
  • Permissions: 55
  • Supply chain: 35
  • Transparency: 65
  • Incidents: 100

This community MCP server connects Claude to Salesforce via username, password, and security token authentication. The maintainer (tsmztech) appears to be a solo developer with limited public profile, creating moderate bus factor risk. Permissions are moderately scoped: SOQL queries offer read access across your entire org, whilst CRUD operations enable writes to any standard or custom object. The credential model is concerning because plaintext passwords and tokens sit in config files rather than OAuth flows. No npm or PyPI package exists; users must clone and build from source. The repository is open source with reasonable documentation, though supply chain verification is minimal. No known security incidents, but the authentication pattern and lack of packaged distribution elevate risk for production orgs. Best suited for sandbox environments where credential exposure has limited blast radius.

Lethal Trifecta (prompt-injection exposure)

TRIFECTA RISK
All three axes present. This server can read private data, ingest attacker-controlled content, and send data outbound. A poisoned input (a GitHub issue, an email, a webpage) can exfiltrate secrets via this chain. Only install with auditing; avoid on shared or cloud agents.

  • Private data: Yes. Reads secrets, credentials, private files
  • Untrusted input: Yes. Ingests web pages, PRs, issues, emails
  • External comms: Yes. Can send data outbound

Enterprise CRM. Largest outbound surface in the catalogue. Same trifecta logic as the others.

Green flags

  • Open source repository with visible code for audit
  • Scoped to Salesforce API, no shell or filesystem access
  • Clear use case for sandbox data population and debugging
  • No known security incidents or malicious behaviour

Red flags

  • Plaintext password + token in config instead of OAuth flow
  • Solo maintainer with limited public track record
  • No package registry distribution, clone-and-build only
  • Full org read/write scope without granular permission controls
  • Credentials grant access to all Salesforce data and metadata

Permissions requested

Outbound network · Access secrets · DB read · DB write · Identity read

Assessed by Delv Editorial using public metadata. Grades are advisory and update as the ecosystem changes. They do not replace your own review of permissions and code before granting an agent access to sensitive systems.

Review

This MCP server bridges Claude Desktop or Cursor to your Salesforce org, exposing SOQL queries, record CRUD, and metadata browsing as tools. You authenticate with username, password, and security token, then ask Claude to query Contacts, update Opportunities, or describe custom objects without leaving your editor.

I'd reach for this when populating sandbox data or debugging why a workflow rule isn't firing. You can ask Claude to "create 50 test Accounts with randomised names and industries" or "show me all Leads created this week where Status equals 'Qualified'". It handles the SOQL syntax and field API names, which is faster than switching to Workbench or the Developer Console. The metadata browsing is particularly useful when you inherit an org and need to understand custom field dependencies.

The authentication model is the main quirk. Salesforce security tokens expire when you reset your password or change your IP, and the server doesn't surface helpful error messages when that happens. You'll just see vague authentication failures in Claude's logs. Also, this uses the SOAP API under the hood, so if your org has API limits or IP whitelisting, you'll hit those constraints. No OAuth flow, no connected app setup, just raw credentials in your config file.

This isn't for production data manipulation. The lack of transaction rollback or confirmation prompts means a misunderstood prompt could update hundreds of records. It's a sandbox tool.

Admins who need to script repetitive setup tasks will find it faster than writing Apex or Data Loader macros. Developers who occasionally need to inspect Salesforce data while building integrations will appreciate not context-switching. If you're a consultant juggling multiple orgs, the credential management becomes tedious quickly since you can't switch orgs without editing the config file.

The repo is maintained by tsmztech, not an official Salesforce project, so expect community support rather than enterprise SLAs. Documentation is sparse but the tool surface is small enough that you can figure it out by asking Claude what tools are available.

Verdict

Install this if you're a Salesforce admin who spends time in sandboxes and wants to automate repetitive data tasks through natural language. Skip it if you need production-grade audit trails, multi-org switching, or if your org has strict API governance. It's a time-saver for the right workflow, but the credential model and lack of guardrails make it a sandbox-only tool.

Good at

  • Natural language SOQL saves you from memorising field API names and relationship syntax when querying custom objects.
  • Metadata browsing lets you ask Claude to describe object schemas, which is faster than clicking through Setup when reverse-engineering an unfamiliar org.
  • Record CRUD through prompts is genuinely faster than Data Loader for one-off sandbox tasks like creating test data sets.
  • Works in Cursor as well as Claude Desktop, so you can query Salesforce data while writing integration code in the same window.

Watch out

  • Security token authentication is fragile and expires silently when you reset your password or change networks, with no helpful error messages.
  • No multi-org support means you edit the config file every time you switch between sandboxes, which is tedious for consultants.
  • No confirmation prompts or transaction rollback, so a misunderstood instruction could bulk-update records with no undo.
  • Sparse documentation assumes you already understand Salesforce API concepts and MCP server configuration.
  • Community-maintained rather than official, so expect slower responses to issues and no enterprise support contract.

Getting started

  1. Clone the repo from github.com/tsmztech/mcp-server-salesforce and install dependencies with npm install in the project directory.
  2. Generate a Salesforce security token by going to Setup > Personal Information > Reset My Security Token in your sandbox org, then check your email.
  3. Add the server to your Claude Desktop config at ~/Library/Application Support/Claude/claude_desktop_config.json (macOS) with the path to the server script and environment variables for SALESFORCE_USERNAME, SALESFORCE_PASSWORD, and SALESFORCE_TOKEN (password + token concatenated).
  4. Restart Claude Desktop, open a new conversation, and ask "What Salesforce tools are available?" to verify the connection.
  5. Watch out for security token expiry - if authentication suddenly fails, regenerate the token and update your config before assuming the server is broken.
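
Because step 3 leaves the password and token as literals in a JSON file, a quick local check of that file is worthwhile before and after setup. The script below is an added example, not code from the mcp-server-salesforce project: it assumes Claude Desktop's usual "mcpServers" layout with a per-server "env" map, and the server name, script path and credentials in the sample are constructed.

```python
import json
import os
import stat
import tempfile

# Variable names come from step 3 above; their values are never echoed.
SECRET_KEYS = ("SALESFORCE_PASSWORD", "SALESFORCE_TOKEN")


def audit_config(path):
    """Return findings about plaintext Salesforce secrets in an MCP client config."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:  # any group/other permission bit is set
        findings.append(f"file mode {mode:04o}: readable or writable beyond the owner")
    with open(path, encoding="utf-8") as fh:
        config = json.load(fh)
    # Assumed layout: server entries under "mcpServers", each with an optional "env" map.
    for name, server in config.get("mcpServers", {}).items():
        env = server.get("env") or {}
        for key in SECRET_KEYS:
            if env.get(key):
                findings.append(f"{name}: {key} stored as a literal value")
    return findings


def demo():
    """Audit a constructed config that mirrors the setup in step 3."""
    sample = {  # constructed sample; server name, path and credentials are made up
        "mcpServers": {
            "salesforce": {
                "command": "node",
                "args": ["/path/to/server/script.js"],
                "env": {
                    "SALESFORCE_USERNAME": "admin@example.com.sandbox1",
                    "SALESFORCE_PASSWORD": "constructed-password",
                    "SALESFORCE_TOKEN": "constructed-token",
                },
            }
        }
    }
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "claude_desktop_config.json")
        with open(path, "w", encoding="utf-8") as fh:
            json.dump(sample, fh)
        os.chmod(path, 0o644)  # a common default that other local users can read
        return audit_config(path)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Point audit_config at the real config path from step 3 to check an existing install; the findings name the keys but never print their values.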

Works with

Claude Desktop, Cursor
