Summary
Gives you MCP access to HubSpot's CRM through the Web API. You can manage contacts, companies, deals, tickets, leads, tasks, and notes, plus work with properties, lists, workflows, the knowledge base, and file uploads. Built by Mindstone with multi-account support and host-orchestrated OAuth, so you can switch between portals without manually juggling tokens. Reach for this when you need an LLM to pull deal stage data, update contact properties in bulk, or draft ticket replies based on CRM context. It's part of a 35-connector monorepo that shares auth patterns and hardening practices across Google Workspace, Slack, Salesforce, and others.
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →
Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →
On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →
Tools
Public tool metadata for what this MCP can expose to an agent.
7 tools
search_crm_objectsSearches and retrieves CRM records from HubSpot based on filters and criteria. <capabilities> - Returns a 'total' count attribute that can help perform analytical tasks on large datasets - Useful to sample data from a specific object type to understand the data model - Can lis...8 params
Searches and retrieves CRM records from HubSpot based on filters and criteria. <capabilities> - Returns a 'total' count attribute that can help perform analytical tasks on large datasets - Useful to sample data from a specific object type to understand the data model - Can lis...
Parameters* required
limitintegerMaximum number of results per page. Max: 200, Default: 100
querystringOptional text to search for within the default searchable properties of the specified object type.
Uses simple text matching (contains)
Each object type has different searchable properties.
contacts - firstname, lastname, email, phone, company),
companies - name, website, domain, phone),
deals - dealname, pipeline, dealstage, description, dealtype)
ticket - subject, content, hs_pipeline_stage, hs_ticket_category, hs_ticket_id)
Max length - 200 chars
sortsarrayOptional sorting rules for results. Only one sort rule can be applied
offsetintegerPaging cursor token for pagination
objectTypestringMandatory field specifying ObjectType to search for objects for.
propertiesarrayOptional list of property names to include in results. Returns default set if empty. Specify the minimum set of properties needed for the task for best results. Leave it empty only if you explicitly need to discover the full default property set.
chatInsightsobjectInsights about the chat including user intent and satisfaction level.
IMPORTANT: MUST be provided for all scenarios.
filterGroupsarray* The filter groups that define the search criteria.
* Filters that match ALL of several conditions (AND logic) should be put in the same filterGroup.
* Filters that match AT LEAST ONE of several conditions (OR logic) should be put in a separate filterGroup.
get_propertiesFetches property definitions including data types and enumeration values. <capabilities> - Particularly useful for discovering valid options in enumeration-type properties - To search for actual data, use search_crm_objects </capabilities> <returns> List of property definition...2 params
Fetches property definitions including data types and enumeration values. <capabilities> - Particularly useful for discovering valid options in enumeration-type properties - To search for actual data, use search_crm_objects </capabilities> <returns> List of property definition...
Parameters* required
objectTypestringThe object type to get properties for. e.g., contacts, companies, deals, tickets, etc.
propertyNamesarrayThe set of property names to retrieve
submit_feedbackCollects and submits feedback to HubSpot on dissatisfaction or user request. <when_to_invoke> <agent_detected_signals> - User provides explicit correction: "No, I meant...", "Actually, I want..." - User repeats query with different phrasing - User states something is wrong: "T...5 params
Collects and submits feedback to HubSpot on dissatisfaction or user request. <when_to_invoke> <agent_detected_signals> - User provides explicit correction: "No, I meant...", "Actually, I want..." - User repeats query with different phrasing - User states something is wrong: "T...
Parameters* required
goalstringUser's goal or what they were trying to accomplish and relevant conversation context.
Avoid PII - use anonymized references.
Important: Avoid adding extraneous information, especially from memory.
feedbackstringUser's verbatim feedback. NEVER paraphrase - use the user's exact words if they provided feedback.
Avoid PII - use anonymized references.
satisfactionstringPerceived overall satisfaction of the feedbackone of
DISSATISFIED · NEUTRAL · SATISFIEDtriggeringToolNamestringName of the tool related to this feedback
explanationOfSatisfactionstringBrief reasoning for the perceived satisfaction. Examples: 'User corrected the agent twice', 'User expressed gratitude for the help', 'Neutral conversation with no strong signals'.
When errors occurred: Explain why the agent made a request that failed validation, including what the agent's reasoning was and why it failed. This helps with investigation and improvement. Example: 'Error: "A non-empty list of objects to create or update must be provided" - Agent attempted to batch update contacts but incorrectly passed an empty list because it filtered out all objects based on a misunderstanding of the user's criteria. Failed to recognize this logic error despite receiving the validation error message.'
search_ownersLists and searches for owners who can be assigned to CRM records. <capabilities> - Supports searching by name/email or batch lookup by owner IDs - HubSpot owner ids and user IDs are distinct, lookups only work when owner ids are provided specifically </capabilities> <returns>...4 params
Lists and searches for owners who can be assigned to CRM records. <capabilities> - Supports searching by name/email or batch lookup by owner IDs - HubSpot owner ids and user IDs are distinct, lookups only work when owner ids are provided specifically </capabilities> <returns>...
Parameters* required
limitintegerMaximum number of results to return. Defaults to 25, max 100
offsetintegerOffset for pagination. Defaults to 0
ownerIdsarrayOptional list of owner IDs to lookup directly. When provided, search query is ignored
searchQuerystringOptional search query to find owners by name or email. Returns all owners if not provided
search_propertiesFinds the most relevant CRM property definitions using keyword-based search. <capabilities> - Lists all property definitions for specified object type when no search terms provided - To search for actual data, use search_crm_objects </capabilities> <returns> A filtered list of...3 params
Finds the most relevant CRM property definitions using keyword-based search. <capabilities> - Lists all property definitions for specified object type when no search terms provided - To search for actual data, use search_crm_objects </capabilities> <returns> A filtered list of...
Parameters* required
querystringDEPRECATED: Use keywords instead.
Single search keyword for backward compatibility.
If both query and keywords are provided, keywords takes precedence.
If empty and no keywords provided, returns all properties for the object type.
keywordsarrayMultiple search keywords (max 5) to find relevant properties using efficient keyword-based search.
Supports searching for multiple related property concepts in a single request.
Examples:
- ["urgency"] - Single keyword search
- ["assignee", "assigned_to", "owner"] - Multiple related keywords for assignment
- ["name", "employees", "zip", "contact"] - Multiple unrelated keywords for different properties
If both query and keywords are provided, keywords takes precedence.
If empty and no query provided, returns all properties for the object type.
objectTypestringThe name of the object type to search properties for
get_crm_objectsFetches multiple CRM objects of the same object type in a single request. <returns> A list of CRM objects with their properties, identified by their unique IDs, containing: - id: Unique identifier for the CRM object - properties: Key-value pairs of property names and their val...3 params
Fetches multiple CRM objects of the same object type in a single request. <returns> A list of CRM objects with their properties, identified by their unique IDs, containing: - id: Unique identifier for the CRM object - properties: Key-value pairs of property names and their val...
Parameters* required
objectIdsarrayList of object IDs to fetch. Min: 1, Max: 100
objectTypestringObject type to fetch
propertiesarrayList of CRM Properties to include in the response
get_user_detailsReturns user and hub info; CRM/marketing object read/write availability. <usage_guidance> - This tool must be used before performing any operations with Hubspot tools to determine the identity of the user, and permissions they have on their Hubspot account - This tool only ret...
Returns user and hub info; CRM/marketing object read/write availability. <usage_guidance> - This tool must be used before performing any operations with Hubspot tools to determine the identity of the user, and permissions they have on their Hubspot account - This tool only ret...
No parameter schema in public metadata yet.
mcp-servers
Source-available MCP servers by Mindstone. Works with any MCP host — Claude Desktop, Cursor, Rebel, and others.
Browse all 35 connectors with their version, auth model, and tool count at the catalogue site (regenerated from each connector's STATUS.json on every push).
Connectors
| Connector | Description |
|---|---|
| apple-shortcuts | Run and list Apple Shortcuts on macOS via the shortcuts CLI |
| browser-automation | Headless browser control via accessibility snapshots — navigate, fill forms, click, and screenshot pages via the agent-browser CLI |
| elevenlabs | Generate speech, music, and sound effects, browse voices, and transcribe audio via the ElevenLabs API |
| email-imap | Read, search, send, and manage emails through IMAP and SMTP |
| fathom | List and search meetings, view details, read transcripts, and manage teams via Fathom AI |
| freshdesk | Manage helpdesk tickets, search support requests, reply to customers, and add internal notes |
| gamma | Create AI-powered presentations, documents, webpages, and social posts via Gamma |
| google-analytics | Discover GA4 accounts and properties, explore the live schema, and run reports via the Google Analytics API |
| google-workspace | Read, search, and send across Gmail, Calendar, Drive, Docs, Sheets, Slides, Contacts, and Comments with host-orchestrated OAuth and per-account on-disk credentials |
| hubspot | Manage HubSpot CRM — contacts, companies, deals, tickets, leads, tasks, notes, properties, lists, workflows, knowledge base, and files — with multi-account, host-orchestrated OAuth |
| humaans | Query employee profiles, job roles, time-away requests, and company info via Humaans HR |
| kling | Generate AI videos from text descriptions or images via Kling AI |
| microsoft-calendar | List, create, update, and respond to Outlook calendar events, check free/busy, and list calendars; reuses the cohort's host-orchestrated Microsoft 365 OAuth surface |
| microsoft-files | List, search, upload, download, share, and read OneDrive files via Microsoft Graph; reuses the cohort's host-orchestrated Microsoft 365 OAuth surface |
| microsoft-mail | List, search, read, send, reply, forward, draft, move, and delete Outlook email; owns the cohort's host-orchestrated Microsoft 365 OAuth surface |
| microsoft-sharepoint | Discover sites, browse libraries, read pages and lists, search content, and mutate SharePoint files/lists with incremental Sites.Read.All consent |
| microsoft-teams | List and read Teams chats, send chat messages, list teams and channels, and read presence; reuses the cohort's host-orchestrated Microsoft 365 OAuth surface |
| mixmax | Manage sequences, send tracked emails, use templates, and monitor engagement via Mixmax |
| nano-banana | Generate and edit images using Google Gemini's AI capabilities |
| napkin | Generate professional visuals — diagrams, infographics, and illustrations — from text via Napkin AI |
| office | Read and edit Word documents, Excel workbooks, and PowerPoint presentations from desktop Microsoft 365 via an Office Add-in sidecar |
| openai-image | Generate and edit images via OpenAI's gpt-image-2 — sharp text rendering, multilingual support, and four quality levels |
| outreach | Manage prospects, sequences, accounts, tasks, and mailings via the Outreach sales engagement API |
| pandadoc | Create, send, and manage documents, templates, and e-signatures via PandaDoc |
| quickbooks | Manage invoices, bills, customers, vendors, employees, and accounts in QuickBooks Online |
| replit-ssh | Read, write, list, and check files on Replit projects over SSH/SFTP, with one-shot SSH key + config setup on the operator's machine |
| retell-ai | Place voice-agent phone calls, manage agents and LLM prompts, and discover voices via the Retell AI API |
| runway | Generate AI video, images, audio, speech, and sound effects via Runway ML |
| salesforce | Manage accounts, contacts, opportunities, leads, tasks, users, and custom objects via the Salesforce API |
| servicenow | Manage incidents, change requests, users, and knowledge base articles in ServiceNow |
| slack | Multi-workspace Slack — channels, messages, threads, reactions, users, files, bookmarks, and scheduled messages via the Slack Web API, with host-orchestrated OAuth |
| talentlms | Manage users, courses, groups, branches, enrolments, and assessments in TalentLMS |
| vanta | Read and manage compliance posture in Vanta — vulnerabilities, tests, controls, evidence, resources, people, vendors, documents, and compliance summary |
| workday | Query workers, profiles, and organizations in Workday HCM |
| zendesk | Manage tickets, macros, users, and views in Zendesk Support |
Quick Start
Each server builds independently:
cd connectors/<name>
npm install
npm run build
Or run directly via npx (once published):
npx -y @mindstone/mcp-server-zendesk
Moving from
@mindstone-engineering/? Every server has been republished under the shorter@mindstone/npm scope. The legacy@mindstone-engineering/mcp-server-*packages still install but are marked deprecated. See MIGRATION.md for the consumer one-liner and the deprecation timeline.
See each server's README for configuration and host setup instructions. Some connectors require additional environment variables to opt into specific behaviour (e.g. QB_ALLOW_PROD_WRITES for QuickBooks production writes, MCP_WORKSPACE_PATH for sandboxed file reads, BROWSER_AUTOMATION_ALLOW_EVAL for browser-automation script eval) — see the per-connector READMEs for the full list.
Security & Hardening
This monorepo follows a defence-in-depth posture for tool-call hosts. Highlights include:
- Workflow safety. GitHub Actions workflows are env-fy'd against script injection (CWE-94), every action is pinned to a commit SHA (kept current by Dependabot), and each job is granted a least-privilege
permissions:block. Publish is split into a build job (does the install/test/pack with no publish credentials) and a publish job (downloads the packed tarball, runs onlynpm publish --ignore-scripts --provenanceunder OIDC trusted publishing, gated by thenpm-publishenvironment). The publish job invokes NO third-party JS —tsc,vitest, lifecycle scripts, etc. all run upstream, away fromid-token: write. See docs/security/AUDIT_FOX-3319_tanstack_supply_chain.md for the supply-chain threat model and docs/security/BRANCH_PROTECTION.md for required GitHub settings. - Release-age cool-down. The repo-level
.npmrcsetsmin-release-age=7(days), so CI refuses to install dependency versions published in the last week. This blocks the "same-day malicious re-publish" path that ships post-npm audit-clean PRs into a release tag. - Provenance-attested releases. Releases are published by CI (
.github/workflows/release.yml) under the@mindstone/npm scope via Trusted Publishing OIDC — no long-lived npm token exists anywhere — with--provenanceSigstore attestations consumers can verify vianpm audit signatures. Every publishable release commit must carry aRelease-Gatetrailer pointing at its pre-release security review, and every publish posts an alert; the full gate chain is in docs/PUBLISH_APPROVAL_PROCESS.md. (Only a brand-new connector's first publish is manual and WebAuthn-gated; those tarballs carry no provenance attestation but remain shasum-verifiable — check out the release commit and runnpm pack; see MIGRATION.md.) - OpenSSF Scorecard. The repo runs the OpenSSF Scorecard weekly via
.github/workflows/scorecard.yml. The report is generated by a third party from the source tree, so every claim above (action pinning, branch protection, token usage, dependency hygiene) is independently checked rather than just asserted here. The current score is shown by the badge at the top of this README.
Recommendations for consumers
These connectors are published as plain npm packages. The strongest single thing you can do to protect yourself from a future supply-chain compromise of any npm package (these or otherwise) is to use a client that does not run lifecycle scripts by default:
- pnpm (
pnpm install/pnpm dlx) — does not executepostinstall/preparehooks unless explicitly allowlisted viaonlyBuiltDependencies. pnpm v11+ also defaults to a 24-hourminimumReleaseAgecool-down. - bun (
bunx) — same default, no lifecycle scripts unless allowlisted. - npm — if you must use npm, set
min-release-age=7andignore-scripts=truein your global~/.npmrc. Requires npm v11.10+ formin-release-age.
None of our published packages need postinstall to function, so disabling lifecycle scripts in your installer of choice is safe.
- Untrusted-content envelopes. External content from email, helpdesk, and ticketing systems (email-imap, freshdesk, zendesk) is wrapped in
<untrusted-content source="...">envelopes with close-tag breakout escaping, so an LLM host can recognise and refuse instruction-injection attempts. - Workspace sandboxing. File-uploading connectors (nano-banana, pandadoc, elevenlabs) constrain reads to
MCP_WORKSPACE_PATH(oros.tmpdir()) with canonical-prefix containment that handles symlinked roots like/tmp→/private/tmp. - Secure-by-default writes. Production-impacting writes (QuickBooks invoices/bills/customers/vendors) require an explicit
QB_ALLOW_PROD_WRITES=1opt-in env var; outreach prospect-enrolment and mixmax sequence-recipient tools carrydestructiveHint: trueso hosts surface confirmation prompts. - SSRF & path traversal. Download connectors (napkin, runway) enforce host allow-lists, manual-redirect handling, and symlink-safe write paths under a configurable root.
- Loopback OAuth bind. Connectors with local OAuth callback servers (salesforce, outreach) hard-code 127.0.0.1, ignoring any
MCP_OAUTH_BIND_HOSToverride. - E.164 validation. Outbound phone-call tools (retell-ai) reject non-E.164 numbers before any upstream API call.
For per-connector security notes, see each connector's README.
To report a vulnerability, please see SECURITY.md.
The Mindstone open-source family
This repo is one of several open-source projects from Mindstone:
- Rebel — the AI workspace desktop app that ships these connectors out of the box (source release in progress).
- Super-MCP — a proxy MCP router that loads only the tools you actually need, saving your context window.
- rebel-system — the public Rebel system: skills, prompts, operators, help docs, and templates.
- meeting-note-recorder — meeting detection, recording, and live transcripts (the Rebel note-taker).
Licence
Each connector is licensed under FSL-1.1-MIT — see the LICENSE file in each connector directory for details.
Featured
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →Configuration
HUBSPOT_CONFIG_DIR*Directory containing accounts.json and credentials/*.token.json
HUBSPOT_ACCOUNT_EMAIL*Account selector — one MCP process per HubSpot account
MCP_WORKSPACE_PATHWorkspace root for local file tools (required only when invoking upload/attach tools)
HUBSPOT_CLIENT_ID*HubSpot OAuth client ID
HUBSPOT_CLIENT_SECRET*secretHubSpot OAuth client secret
HUBSPOT_SOURCE_LABELdefault: HubSpot MCPSource attribution label applied to new records
HUBSPOT_DISABLE_REFRESHSet to 1 to disable token refresh on this surface (use on cloud so desktop remains the sole refresh authority)
HUBSPOT_ALLOW_CLOUD_REFRESHSet to 1 to allow refresh on the cloud surface even when HUBSPOT_DISABLE_REFRESH=1 (escape hatch)
HUBSPOT_REQUEST_TIMEOUT_MSdefault: 60000Outbound HTTP request timeout in milliseconds (max 300000 = 5 min)
HUBSPOT_SCOPE_TIEROAuth scope tier — 'readonly' or 'full'. Overrides the per-account stored tier
HUBSPOT_REFRESH_LOCK_STALE_MSStale-lock detection threshold for the credential refresh mutex (advanced)
Registryactive
Package@mindstone/mcp-server-hubspot
TransportSTDIO
AuthRequired
UpdatedMay 29, 2026
