mcp-server-salesforce
by tsmztech
Overview
Enable natural language interactions and automation with Salesforce data and metadata for AI models.
Installation
npx -y @tsmztech/mcp-server-salesforce
Environment Variables
- SALESFORCE_CONNECTION_TYPE
- SALESFORCE_USERNAME
- SALESFORCE_PASSWORD
- SALESFORCE_TOKEN
- SALESFORCE_CLIENT_ID
- SALESFORCE_CLIENT_SECRET
- SALESFORCE_INSTANCE_URL
Security Notes
The server has potential SOQL injection vulnerabilities in `salesforce_query_records`, `salesforce_aggregate_query`, and `salesforce_manage_debug_logs` (when querying for usernames): user-provided arguments (e.g., `whereClause`, `orderBy`, `username`) are concatenated directly into SOQL query strings without explicit sanitization. The `salesforce_write_apex`, `salesforce_write_apex_trigger`, and `salesforce_execute_anonymous` tools directly accept and execute arbitrary Apex code bodies, which is a critical risk if the upstream AI model is compromised or generates malicious code. `SECURITY.md` states that "All SOQL inputs are sanitized to prevent injection," but the code review contradicts this for certain parameters. Hardcoded secrets are not evident, as environment variables are used for authentication.
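The concatenation pattern described above, next to a hardened form, as an added example that is not the project's own code. The function names, the `User` lookup query and the sample inputs are assumptions constructed for illustration.

```javascript
// Added example: names and query shape are assumptions, not taken from the project.

// Escape a value for use inside a SOQL single-quoted string literal.
// Backslash is escaped first so an existing "\" cannot neutralise the quote escape.
function escapeSoqlLiteral(value) {
  if (typeof value !== "string") throw new TypeError("expected a string");
  if (/[\u0000-\u001f]/.test(value)) throw new Error("control character in literal");
  return value.replace(/\\/g, "\\\\").replace(/'/g, "\\'");
}

// ORDER BY cannot be escaped like a literal, so accept only terms of the form
// Field[.Field] [ASC|DESC] [NULLS FIRST|LAST] and reject everything else.
const ORDER_TERM =
  /^[A-Za-z][A-Za-z0-9_]*(\.[A-Za-z][A-Za-z0-9_]*)*( (ASC|DESC))?( NULLS (FIRST|LAST))?$/i;

function validateOrderBy(orderBy) {
  const terms = orderBy.split(",").map((t) => t.trim().replace(/\s+/g, " "));
  for (const term of terms) {
    if (!ORDER_TERM.test(term)) throw new Error(`rejected ORDER BY term: ${term}`);
  }
  return terms.join(", ");
}

// The risky pattern: the argument becomes part of the query text.
function userQueryConcatenated(username) {
  return "SELECT Id FROM User WHERE Username = '" + username + "'";
}

// Hardened form: the value stays inside the literal, ORDER BY is allowlisted.
function userQueryEscaped(username, orderBy) {
  let soql = `SELECT Id FROM User WHERE Username = '${escapeSoqlLiteral(username)}'`;
  if (orderBy) soql += ` ORDER BY ${validateOrderBy(orderBy)}`;
  return soql;
}

// Constructed input showing how the two builders differ.
const sample = "x' OR Username != '";
console.log(userQueryConcatenated(sample)); // the filter now matches every user
console.log(userQueryEscaped(sample, "CreatedDate DESC")); // quote stays inside the literal
```

A free-form `whereClause` cannot be made safe by escaping, because the caller supplies query syntax rather than a value; it needs a structured filter (field, operator, value) built with the same two helpers.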
Similar Servers
cldcde
A persistent context manager that scrapes, stores, searches, and analyzes AI conversations from various platforms (ChatGPT, Grok, Gemini, Claude) to support project development and insights.
Salesforce-MCP-Server
Transforms Claude Desktop into a powerful Salesforce IDE for development, metadata management, SOQL execution, multi-org operations, and automation through natural language commands.
mcp-pipedrive
Provides Claude with comprehensive access to the Pipedrive CRM API, enabling seamless automation of sales workflows, deal management, contact organization, and activity tracking through natural language conversations.
session-buddy
The MCP server provides comprehensive session management, conversation memory, quality monitoring, and developer tooling integration for Claude Code projects, aiming to reduce token usage and enhance development workflows. It integrates with various LLM providers, Git worktrees, and code quality tools like Crackerjack.