mcp-server-salesforce
by tsmztech
Overview
Enables natural language interaction with Salesforce data and metadata through an MCP server, allowing Claude to query, modify, and manage Salesforce objects, records, and Apex code.
Installation
npx -y @tsmztech/mcp-server-salesforce
Environment Variables
- SALESFORCE_CONNECTION_TYPE
- SALESFORCE_USERNAME
- SALESFORCE_PASSWORD
- SALESFORCE_TOKEN
- SALESFORCE_CLIENT_ID
- SALESFORCE_CLIENT_SECRET
- SALESFORCE_INSTANCE_URL
Security Notes
CRITICAL: Multiple SOQL/SOSL injection vulnerabilities exist due to direct string interpolation of user-provided arguments (e.g., `whereClause`, `orderBy`, `havingClause` in queries; `className`, `triggerName` in Apex read operations; `profileNames`, `username`, `logId` in permission/log management) into query strings without proper escaping or parameter binding. This contradicts the `SECURITY.md` claim of SOQL input sanitization. Additionally, the server allows full Apex code creation, update, and anonymous execution, which are high-privilege operations and pose a significant risk if the LLM is compromised or manipulated into generating malicious code. The potential for unauthorized data access, modification, or malicious code deployment is high.
Similar Servers
mcp-todoist
Manage Todoist tasks, projects, labels, subtasks, and comments through natural language via an MCP server integration with Claude.
cldcde
A persistent context manager that scrapes, stores, searches, and analyzes AI conversations from various platforms (ChatGPT, Grok, Gemini, Claude) to support project development and insights.
Salesforce-MCP-Server
Transforms Claude Desktop into a powerful Salesforce IDE for development, metadata management, SOQL execution, multi-org operations, and automation through natural language commands.
session-buddy
Manages Claude Code development sessions, providing conversation memory, quality monitoring, token optimization, natural language scheduling, Git worktree management, and AI agent recommendations with team collaboration features.