HubSpot MCP
Provides complete access to the HubSpot API (1,076 tools) with safety categories, hub and plan awareness, retries, rate limiting, and both stdio and HTTP transports.
README
ohneben's HubSpot MCP
The most complete HubSpot MCP server there is. Run your entire HubSpot account in plain language from Claude, Cursor, or any other MCP client.
This Model Context Protocol server exposes the whole public HubSpot API β 1,076 endpoint tools across 102 APIs β CRM, CMS, Marketing, Automation, Conversations, Commerce, Files, Settings, Webhooks and more, generated straight from HubSpot's own OpenAPI definitions. Every tool is safety-categorized (π’ read-only / π‘ write / π΄ destructive) and β unique to this server β hub & plan aware: HubSpot publishes which hub and tier every API needs (Free / Starter / Professional / Enterprise), and this server carries that straight into each tool plus a live capability report for your portal. It runs over stdio (Claude Desktop and other local launchers) or Streamable HTTP (hosted in Docker), and ships with retries, client-side rate limiting tuned to HubSpot's burst caps, and request timeouts so it holds up against a live account.
Why you'll want this
Some MCP servers just forward a slice of the API. This one is built to be safe to hand to an LLM, complete, and easy to run for real:
| What you get | Why it matters |
|---|---|
| 1,076 tools β the whole public API | Contacts, companies, deals, tickets, every engagement type, associations v4, properties, pipelines, lists, imports/exports, marketing emails & events, campaigns, forms, transactional email, sequences, workflows/actions, conversations & custom channels, CMS pages/posts/HubDB/source code, files, commerce (invoices, orders, carts, payments, subscriptions), settings, webhooks β nothing hand-picked or left behind. Most servers stop at ~30 CRM tools. |
| Hub & plan awareness (nobody else has this) | HubSpot gates APIs by hub and tier β HubDB needs Content/Marketing Hub Professional, custom-object schemas need Enterprise, sequences need Sales/Service Professional. Every tool states its requirement, straight from HubSpot's own API index. |
hubspot_get_capabilities |
One call reports your portal, your token's granted scopes, today's API usage vs. the daily cap, and β per tool group β how many endpoints your token actually unlocks, with the scopes needed to unlock the rest. Optional live probes verify access end-to-end. No more walls of mystery 403s. |
| Curated safety categories π’ / π‘ / π΄ | Not naive "GET = safe": a POST β¦/search is a read-only query, merge is flagged irreversible, gdpr-delete is a permanent purge (vs. archive β recycle bin), list-membership calls are reversible links, POST /crm/v3/imports is a bulk import, and transactional email is sends messages. |
Machine-readable MCP annotations (readOnlyHint, destructiveHint) |
Hosts that honor annotations (Claude included) can auto-trust reads and demand confirmation before anything destructive. |
| Actionable error hints | 403 with MISSING_SCOPES β the exact scopes to add and where; plain 403 on a gated API β the plan tier it needs; 401 β token type & expiry guidance; 429 β your limits. The model gets how to fix it, not just what broke. |
| Read-only mode & group filtering | Expose only the 443 π’ read-only tools (HUBSPOT_READ_ONLY=true), or narrow to the groups you use (HUBSPOT_INCLUDE_GROUPS=contacts,deals,cms:*). Area wildcards included. |
| Discovery mode | HUBSPOT_TOOL_MODE=discovery swaps the 1,000+ tool list for 3 meta-tools (search / inspect / invoke over the same registry) β same coverage, tiny context footprint, and read-only mode still applies. |
| Real file uploads | The multipart endpoints (Files, CRM imports, HubDB import, CMS source code) actually work β pass file content inline or as base64. Most generated servers can't do multipart at all. |
| Automatic retries with backoff | Transient 429 / 5xx responses are retried with jittered exponential backoff, honoring HubSpot's Retry-After header. |
| Built-in rate limiting | Self-throttles under HubSpot's burst caps (default 100 req / 10 s) with a separate limiter for the /search endpoints (~5 req/s cap). A burst of tool calls won't trip a 429. |
| Response-size guard | Optionally cap huge list responses (HUBSPOT_MAX_RESPONSE_CHARS) so one call can't blow the model's context window. |
| CRM GraphQL passthrough | HubSpot's GraphQL endpoint is query-only, so it's a π’ tool here β fetch a contact, its company and that company's deals in one round-trip. |
| Raw-request escape hatch | hubspot_api_request reaches brand-new or beta endpoints the moment HubSpot ships them β auth, throttling and retries still handled server-side. |
| Two transports: stdio and Streamable HTTP | Use it locally in Claude Desktop, or run one always-on server that any number of MCP clients reach over HTTP. |
| Docker + docker-compose, health check, auto-restart | Production-style deployment out of the box: docker compose up and it stays up. |
| Optional bearer-token auth on the HTTP endpoint | Put the server behind a shared secret the moment it's reachable beyond localhost. |
| Your token never reaches the model | The access token lives in the server's environment and is injected on every request β the assistant only ever sees tool inputs and API responses. |
| Drop-in spec updates | npm run fetch-specs pulls HubSpot's latest OpenAPI definitions (and their hub/tier metadata) from HubSpot's public index β new endpoints become new tools on rebuild, no code changes. |
How it compares
There are a few ways to reach HubSpot from an AI assistant today. Here's how this server stacks up against the alternatives:
| This server | Official HubSpot MCP | shinzo-labs hubspot-mcp |
mcp-hubspot (buryhuang) |
CData MCP | |
|---|---|---|---|---|---|
| Approx. tools | ~1,079 | ~7 curated (remote) | 100+ | ~7 | 3 (generic SQL) |
| Whole public API (CRM and CMS Β· Marketing Β· Automation Β· Commerce Β· Files Β· Settings Β· Webhooks) | β | β CRM + some content reads | β CRM-centric | β | β |
| Hub & plan-tier awareness per tool | β | β | β | β | β |
| Account capability report (scopes Β· usage Β· unlocks) | β | β | β | β | β |
| Reads and writes | β | β | β | β partial | β read-only |
| Curated π’ / π‘ / π΄ safety categories | β | β | β | β | n/a |
readOnlyHint / destructiveHint annotations |
β | β | β | β | β |
| Read-only mode + group filtering | β | β | β | β | always read-only |
| File uploads (multipart) | β | β | β | β | β |
| GraphQL passthrough | β | β | β | β | β |
Rate limiting + auto-retry (429/5xx) |
β | β | β | β | β |
stdio transport |
β | β local package | β | β | β |
| Streamable-HTTP transport | β | β hosted remote | β | β | β |
| Docker + compose + health check | β | β | β Dockerfile | β image only | β |
| Self-hosted on your own infra | β | β vendor cloud | β | β | β |
| Language | TypeScript | TypeScript | TypeScript | Python | Java |
| License | MIT | β | MIT | MIT | MIT |
<sub>β = yes Β· β = partial / not documented Β· β = no. Compiled from each project's public documentation; this is an unofficial project, not affiliated with HubSpot or the projects listed. Tool counts are approximate and move as APIs evolve.</sub>
The short version: the official remote server is a great managed on-ramp but covers a handful of curated tools. The community servers are solid but CRM-centric, without plan awareness or safety guardrails. This one gives you the entire public API, hub/plan awareness no one else has, both transports, a production Docker deployment, and curated safety categories β self-hosted, on your token, MIT.
What you can do
Once it's connected, ask your assistant things like:
- "Find jane@example.com, show her company, open deals and the last emails we exchanged."
- "Create a $12,000 deal 'Acme expansion' in the Sales pipeline, stage Qualified, associated with Acme Corp."
- "Search contacts created this month with lifecycle stage MQL and add them to the 'Q3 nurture' list."
- "Which HubDB tables exist? Add a row to 'pricing' and publish the table."
- "Clone last month's newsletter as a draft β don't publish."
- "Upload this CSV and start a contact import mapped to email + first name."
- "What can my token do? Check my API usage and which scopes are missing for HubDB." (β
hubspot_get_capabilities) - "Merge these two duplicate contacts β after showing me both records first."
Tools are generated automatically from HubSpot's specs and grouped into π’ read-only, π‘ write and π΄ destructive β so a well-behaved host can treat each group differently.
How it works
Claude / Cursor / any MCP client ββMCPβββΊ this server ββHTTPSβββΊ api.hubapi.com (your portal)
The server parses 104 bundled OpenAPI definitions (fetched from HubSpot's public
API index, which also publishes per-API hub/tier requirements) into MCP
tools β resolving $refs, guarding against recursive schemas, deriving clean
names like contacts_search and hubdb_tables_create_table, and tagging each
tool with a curated safety category, its plan requirement and its OAuth scopes.
Your access token is injected server-side on every request; the model never
sees or handles it.
Hub & plan awareness
HubSpot isn't one API β what you can call depends on which hubs (Marketing, Sales, Service, Content, Commerce, Operations) and which tier (Free, Starter, Professional, Enterprise) the portal has, plus the scopes granted to your token. This server is built around that reality:
-
Every tool description carries the requirement, from HubSpot's own index:
π’ READ-ONLY Β· Hubdb (CMS) Β· GET /cms/v3/hubdb/tables β¦ Plan: Professional tier of Marketing Hub / Content Hub. Scopes: hubdb. -
hubspot_get_capabilitiesreports, for your portal and token: account details, granted scopes, today's API usage vs. the daily cap, and per tool group how many endpoints are unlocked ("unlockedByScopes": "13/16"), what would unlock the rest, plan requirements and beta status. Passprobe_groups: ["hubdb"]to live-verify with one cheap read per group β plan gates often only surface as 403s, and this catches them up front. -
403s come back with the fix: missing scope β the exact scope name and where to grant it; plan-gated API β the tier HubSpot requires.
Requirements
- A HubSpot account and a private app access token (or an OAuth access token) β see Get your API credentials.
- Docker (Docker Desktop on macOS/Windows) for the quick start below β or Node.js β₯ 18 to run from source.
Quick start (Docker)
1. Add your credentials. Copy the example config and fill it in:
cp .env.example .env
# edit .env β set HUBSPOT_ACCESS_TOKEN
# β set MCP_SHARED_TOKEN to a long random string if reachable beyond localhost
2. Start the server:
docker compose up -d --build
The bundled docker-compose.yml binds to 127.0.0.1:8765 only, so the server is
reachable from your machine but not the network.
3. Confirm it's running:
curl -s http://localhost:8765/health
# β {"status":"ok","server":"hubspot-mcp","tools":1079,"endpoints":1076,"mode":"all"}
4. Connect your MCP client. The MCP endpoint is http://localhost:8765/mcp.
-
Claude Desktop β add a custom connector (Settings β Connectors) pointing at the URL, or bridge it locally with
mcp-remote. Add this undermcpServersin your config, then fully quit and reopen the app:{ "mcpServers": { "hubspot": { "command": "npx", "args": [ "mcp-remote", "http://localhost:8765/mcp", "--header", "Authorization: Bearer YOUR_MCP_SHARED_TOKEN" ] } } }(Drop the
--headerline if you leftMCP_SHARED_TOKENempty.) -
Claude Code β one command:
claude mcp add --transport http hubspot http://localhost:8765/mcp -
Claude Cowork β shares Claude Code's MCP config, so the command above makes the tools available there too.
Tip: 1,000+ tools is a lot for some clients. Trim the surface with
HUBSPOT_INCLUDE_GROUPS(e.g.contacts,companies,deals,tickets,lists), or setHUBSPOT_TOOL_MODE=discoveryto get the same coverage through 3 meta-tools β see Context footprint for measured numbers per configuration.
Prefer a prebuilt image?
Every push to main publishes a ready-to-run image to the GitHub Container
Registry, so you can skip the local build entirely:
docker run -d --name hubspot-mcp -p 127.0.0.1:8765:8765 --env-file .env \
ghcr.io/ohneben/hubspot-mcp:latest
Get your API credentials
The recommended way is a private app token:
- In HubSpot, open Settings β Integrations β Private Apps and click Create private app.
- On the Scopes tab, tick what you want the assistant to reach. Scopes map
1:1 to tool groups β grant read scopes (
crm.objects.contacts.read, β¦) for a reporting setup, add write scopes only where you want changes. You can change scopes later; the capability report shows what's missing for any group. - Create the app and copy the access token (
pat-β¦) βHUBSPOT_ACCESS_TOKENin.env.
Notes:
- OAuth access tokens work too (for apps you've built) β but they expire after ~30 minutes and this server does not refresh them; private-app tokens are the right fit for a long-running server.
- The token determines the portal β no portal ID needed.
- EU data residency: if your portal lives in HubSpot's EU data center, set
HUBSPOT_BASE_URL=https://api-eu1.hubapi.com.
Configuration
Everything is set in .env (copied from .env.example):
| Variable | Required | Default | Description |
|---|---|---|---|
HUBSPOT_ACCESS_TOKEN |
β | β | Private-app token (pat-β¦) or OAuth access token |
HUBSPOT_BASE_URL |
β | https://api.hubapi.com |
Use https://api-eu1.hubapi.com for EU data residency |
MCP_TRANSPORT |
β | stdio |
stdio or http (the Docker image defaults to http) |
PORT |
β | 8765 |
HTTP listen port |
HOST |
β | 0.0.0.0 |
HTTP bind address |
MCP_HTTP_PATH |
β | /mcp |
HTTP MCP route |
MCP_SHARED_TOKEN |
β | (off) | Require Authorization: Bearer <token> on /mcp |
HUBSPOT_MAX_REQUESTS |
β | 100 |
Client-side requests per window (0 disables throttling) |
HUBSPOT_RATE_WINDOW_MS |
β | 10000 |
Rate-limit window in ms (default: 100 req / 10 s) |
HUBSPOT_SEARCH_MAX_REQUESTS |
β | 4 |
Extra throttle for /search endpoints (0 disables) |
HUBSPOT_SEARCH_RATE_WINDOW_MS |
β | 1000 |
Search throttle window (default: 4 req / 1 s) |
HUBSPOT_MAX_RETRIES |
β | 3 |
Retries on 429 / 5xx / network errors |
HUBSPOT_TIMEOUT_MS |
β | 30000 |
Per-attempt request timeout |
HUBSPOT_READ_ONLY |
β | false |
Expose only π’ read-only tools |
HUBSPOT_INCLUDE_GROUPS |
β | (all) | Only expose these groups β keys like contacts,deals and area wildcards like cms:* |
HUBSPOT_EXCLUDE_GROUPS |
β | (none) | Hide these groups (same syntax) |
HUBSPOT_INCLUDE_BETA |
β | true |
Include beta / developer-preview APIs |
HUBSPOT_TOOL_MODE |
β | all |
all (one tool per endpoint) or discovery (3 meta-tools) |
HUBSPOT_ENABLE_GRAPHQL |
β | true |
Expose the CRM GraphQL query tool |
HUBSPOT_GRAPHQL_URL |
β | (derived) | Override the GraphQL endpoint |
HUBSPOT_ENABLE_RAW_REQUEST |
β | true |
Expose the raw-request escape hatch (auto-hidden in read-only mode) |
HUBSPOT_MAX_RESPONSE_CHARS |
β | 0 |
Truncate responses longer than N chars (0 = never) |
HUBSPOT_SPEC_DIR |
β | (bundled) | Load OpenAPI files + catalog.json from a different directory |
After changing .env, reload with docker compose up -d --force-recreate.
Run npm run list-tools (no credentials needed) to print the full catalog, the
per-category counts, and every group key you can filter on β add --names to
list all 1,076 tool names.
Tool safety categories
Each tool's description starts with one of these banners and carries the matching MCP annotations:
| Banner | Count | readOnlyHint |
destructiveHint |
Meaning |
|---|---|---|---|---|
| π’ READ-ONLY | 348 | true |
false |
GET β fetches data only. Safe. |
| π’ READ-ONLY Β· query | 95 | true |
false |
A POST that searches/reads (object search, batch read, export start, token introspection) β changes no records. |
| π‘ WRITE Β· creates data | 245 | false |
false |
Creates records (not idempotent; may duplicate). |
| π‘ WRITE Β· creates or updates | 36 | false |
false |
Idempotent upserts (batch upsert, marketing-event upsert). |
| π‘ WRITE Β· updates data | 168 | false |
false |
Modifies records/settings in place. |
| π‘ WRITE Β· links records | 19 | false |
false |
Associates records (list memberships, v4 associations). Reversible. |
| π‘ WRITE Β· unlinks records | 12 | false |
false |
Removes associations. Reversible β records survive. |
| π‘ WRITE Β· sends messages | 4 | false |
false |
Marketing/transactional email, sequence enrollment, conversation replies. |
| π‘ WRITE Β· bulk import | 1 | false |
false |
POST /crm/v3/imports β can create/update thousands of records. |
| π΄ DESTRUCTIVE Β· deletes data | 96 | false |
true |
Deletes/archives a record (CRM archives are restorable ~90 days). |
| π΄ DESTRUCTIVE Β· bulk delete | 42 | false |
true |
Batch archive β many records in one call. |
| π΄ DESTRUCTIVE Β· merges records | 7 | false |
true |
HubSpot cannot un-merge. Confirm both IDs first. |
| π΄ DESTRUCTIVE Β· permanent GDPR purge | 3 | false |
true |
Skips the recycle bin; gone forever. |
That's 443 read-only Β· 485 write Β· 148 destructive = 1,076 endpoint tools,
plus the three power tools below. Hosts that respect annotations (Claude
included) can require confirmation for destructiveHint tools and trust
readOnlyHint tools automatically. Prefer to lock it down further? Set
HUBSPOT_READ_ONLY=true to expose only the 443 read-only tools (plus the π’
capability and GraphQL tools).
<details> <summary><strong>Coverage by area (APIs / π’ read / π‘ write / π΄ destructive)</strong></summary>
| Area | APIs | π’ Read | π‘ Write | π΄ Delete | Tools |
|---|---|---|---|---|---|
| CRM | 58 | 216 | 245 | 92 | 553 |
| CMS | 13 | 74 | 123 | 22 | 219 |
| Marketing | 7 | 42 | 46 | 11 | 99 |
| Conversations | 3 | 18 | 11 | 3 | 32 |
| Automation | 3 | 17 | 10 | 4 | 31 |
| Webhooks Journal | 1 | 20 | 3 | 3 | 26 |
| Settings | 3 | 14 | 9 | 1 | 24 |
| Files | 1 | 10 | 7 | 4 | 21 |
| Communication Preferences | 1 | 6 | 8 | 0 | 14 |
| Events | 3 | 4 | 7 | 2 | 13 |
| Webhooks | 1 | 3 | 4 | 2 | 9 |
| Data Studio | 1 | 1 | 6 | 1 | 8 |
| Auth (OAuth) | 1 | 3 | 2 | 2 | 7 |
| Account | 2 | 5 | 0 | 0 | 5 |
| Commerce | 1 | 2 | 2 | 1 | 5 |
| Scheduler | 1 | 3 | 2 | 0 | 5 |
| Meta | 1 | 4 | 0 | 0 | 4 |
| Business Units | 1 | 1 | 0 | 0 | 1 |
| Total | 102 | 443 | 485 | 148 | 1,076 |
</details>
Context footprint
What does 1,000+ tools cost in model context? Measured on the bundled specs
(tools/list JSON payload; tokens β chars Γ· 3.6):
| Configuration | Tools | Payload | β Tokens |
|---|---|---|---|
| Full (default) | 1,079 | 2.20 MB | ~612k |
| Read-only mode | 445 | 0.61 MB | ~169k |
| CRM core presetΒΉ | 176 | 0.29 MB | ~81k |
| CRM core presetΒΉ + read-only | 65 | 0.10 MB | ~28k |
| Discovery mode | 6 | 0.01 MB | ~2k |
<sub>ΒΉ HUBSPOT_INCLUDE_GROUPS=contacts,companies,deals,tickets,lists,properties,associations,pipelines,crm-owners,notes,tasks,calls,emails,meetings</sub>
How to read that:
- Clients with tool search / deferred loading (Claude Code, claude.ai connectors) don't pay the upfront cost β tool definitions load on demand, so full mode is fine and only the tools actually used land in context.
- Clients that inject every tool definition upfront should pick a lever:
HUBSPOT_TOOL_MODE=discovery(~2k tokens, zero coverage lost β all 1,076 endpoints stay callable through search β inspect β invoke), aHUBSPOT_INCLUDE_GROUPSpreset, and/orHUBSPOT_READ_ONLY=true. - Responses consume context too. Cap outliers with
HUBSPOT_MAX_RESPONSE_CHARS(e.g.40000) and request only thepropertiesyou need on CRM reads. - Oversized inline schemas are already handled: the four pathological recursive schemas (list filters, workflow definitions β ~1.7 MB each fully inlined) are budget-pruned to β€24 KB with their top levels intact.
The power tools
Besides the generated endpoint tools, the server ships four hand-built ones:
hubspot_get_capabilitiesπ’ β the capability report described above. Call it first in a session.hubspot_graphql_queryπ’ β HubSpot's CRM GraphQL API (POST /collector/graphql). Query-only by design (HubSpot exposes no mutations), so it stays available even in read-only mode. Requires thecollector.graphql_query.executescope and Marketing/Content Hub Pro+.hubspot_api_requestπ΄ β raw escape hatch for any path on the HubSpot host (new betas, undocumented corners). Same auth injection, throttling and retries. Hidden in read-only mode.- Discovery mode (
HUBSPOT_TOOL_MODE=discovery) β replaces the 1,076 per-endpoint tools withhubspot_search_endpointsβhubspot_get_endpointβhubspot_invoke_endpointover the same registry. All filters (groups, beta, read-only) still apply; in read-only mode the invoke tool physically cannot reach a write because writes aren't in the registry.
Run from source (stdio, no Docker)
Prefer the classic stdio mode for Claude Desktop? Build it locally:
npm install
npm run build
Then point Claude Desktop at the compiled entrypoint in
claude_desktop_config.json:
{
"mcpServers": {
"hubspot": {
"command": "node",
"args": ["/ABSOLUTE/PATH/Hubspot-MCP/dist/index.js"],
"env": {
"MCP_TRANSPORT": "stdio",
"HUBSPOT_ACCESS_TOKEN": "pat-na1-β¦"
}
}
}
}
Keeping the specs current
The bundled files under spec/ are the source of truth for the tools. They are
fetched from HubSpot's own public API index
(https://api.hubspot.com/public/api/spec/v1/specs), which lists every public
API with per-version OpenAPI documents and the hub/tier requirements this
server bakes into tool descriptions. spec/catalog.json records what was
fetched (API, version, stage, beta flag, requirements, docs links).
To refresh against HubSpot's latest:
npm run fetch-specs # rewrites spec/*.json + spec/catalog.json
npm run build && npm run list-tools
New endpoints become new tools automatically β no code changes. The fetch script prefers each API's stable classic version (v1/v3/v4) and falls back to dated or beta versions when that's all HubSpot offers; a couple of APIs are pinned to bundle multiple genuinely-different versions (OAuth v1 + v3, Communication Preferences v3 + v4).
Development
npm install
npm run build # compile TypeScript β dist/
npm test # run the Vitest suite (81 tests)
npm run list-tools # print the categorized tool catalog (no credentials needed)
npm run fetch-specs # refresh spec/ from HubSpot's public API index
CI builds and tests every push across Node 20 and 22; pushes to main also
publish a Docker image to the GitHub Container Registry.
Notes & conventions
- Transports:
MCP_TRANSPORT=stdio(default) for local launchers;MCP_TRANSPORT=httpfor the always-on Streamable-HTTP server the Docker image runs. - Paging: CRM list tools use cursor paging β pass
limitand theaftercursor frompaging.next.after. Ask for the properties you need via thepropertiesparameter (arrays become repeated query params). - Search: the
*_searchtools take a JSONbodywithfilterGroups,sorts,query,properties,limitandafter. HubSpot caps search at ~5 req/s per token β the built-in search throttle keeps you under it. - Batch tools (
*_batch_read,*_batch_create, β¦) are the efficient way to touch many records β prefer them over loops of single calls. - Associations: use the v4 association tools (
associations_*) to link records, with optional labels via the association-schema tools. - File uploads: multipart tools accept file fields as
{"fileName": "report.pdf", "contentBase64": "β¦"}(orcontentfor plain text); other fields are sent as regular form fields, objects as JSON strings. - Deletes are archives for CRM objects (recycle bin, ~90 days) β the truly
permanent ones are the π΄
gdpr_deletepurge tools and record merges. - Rate limits: HubSpot enforces burst caps per 10 s (private apps:
100β200/10 s depending on plan; OAuth apps ~110/10 s) plus daily caps. The
server self-throttles at
HUBSPOT_MAX_REQUESTSper window and retries any429it still receives, honoringRetry-After. Check real usage anytime viahubspot_get_capabilities. - Request bodies: write tools take a
bodyargument; its schema is resolved from the spec and shown to the model (e.g.contacts_createexpects{"properties": {β¦}}). - Beta APIs (developer preview / public beta) are included by default and
labelled β οΈ in descriptions; hide them with
HUBSPOT_INCLUDE_BETA=false.
Security
- Your access token lives only in
.env, which is git-ignored. Never commit real secrets. The token grants whatever its scopes allow β if it leaks, rotate it in Settings β Integrations β Private Apps. - The HTTP endpoint is unauthenticated by default (fine on localhost). To expose
it beyond your machine, set
MCP_SHARED_TOKENand send it as anAuthorization: Bearer <token>header β ideally behind TLS. - Destructive tools (delete / merge / GDPR purge) and send tools
(marketing & transactional email, sequences) carry the right annotations so a
well-behaved host prompts before acting β keep that confirmation on, or run
with
HUBSPOT_READ_ONLY=true. - Scope the blast radius at the source: grant the private app only the scopes you actually need β the capability report will tell you what's missing when you want more.
See SECURITY.md for the full policy and how to report a vulnerability.
Credits & license
An unofficial community integration for HubSpot; not affiliated with or endorsed by HubSpot. Built on the Model Context Protocol. Tools are generated from HubSpot's public OpenAPI definitions. Licensed under the MIT License.
Recommended Servers
playwright-mcp
A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.
Magic Component Platform (MCP)
An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.
Audiense Insights MCP Server
Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.
VeyraX MCP
Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.
graphlit-mcp-server
The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.
Kagi MCP Server
An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.
E2B
Using MCP to run code via e2b.
Neon Database
MCP server for interacting with Neon Management API and databases
Exa Search
A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.
Qdrant Server
This repository is an example of how to create a MCP server for Qdrant, a vector search engine.