Registry/Salesforce MCP Server

Salesforce MCP Server

v1.0.2
Verified

MCP server for Salesforce Data Dictionary Generation

By CommunityMIT
typescript
web services
920stars
124downloads
125forks
Scanned Jul 13, 2026
WebsiteNPM
A85%
Scanned 6d ago

Very Good Security

Vulnerabilities Found
0Crit
1High
0Med
0Low
0Info

Security ScoreA

85
out of 100

Vulnerabilities Found

0
Crit
1
High
0
Medi
0
Low
0
Info
Last scanned: 7/13/2026

Quality ScoreC

62
out of 100
48
Maint.
61
Popular
68
Docs
73
Compat
Maintenance48%
Popularity61%
Documentation68%
Compatibility73%

Maintenance48

Unknown
Commit Frequency30%
Release Frequency70%
Issue Response45%

Popularity61

920
Stars
124
Downloads
125
Forks
Stars Score83%
Downloads Score38%
Forks Score74%

Documentation68

README Quality70%

Available Documentation

API DocsExamplesChangelog

Compatibility73

MCP Spec Compliance80%
Transport Support50%

Features

TypeScript

Supported Transports

STDIO

Agentic MCP Risk Intelligence

MCPSafe checks risks unique to AI-connected MCP servers — prompt surfaces, model-controlled tools, credentials, filesystems, and network reachability.

0
agentic findings
No advanced MCP issues detected

The current scan did not find prompt-injection, agent command, exfiltration, unbounded filesystem, or MCP SSRF patterns.

Prompt Injection Surface
0

Tool metadata can steer or hijack AI clients before a user invokes the tool.

AI → Command Execution
0

Model-selected tool arguments can reach shell/process execution.

Secret Exfiltration Path
0

Tool context combines credential access with outbound network capability.

Unbounded Filesystem
0

AI-controlled paths may access files outside the intended workspace.

Agent SSRF
0

AI-controlled URLs may reach local, metadata, or internal network services.

Vulnerabilities(1)

1High
Filter:

READMESalesforce MCP Server

Salesforce MCP

⚠️ SOQL INJECTION VULNERABILITY ⚠️

Issue

Query construction does not sanitize user input, allowing SOQL injection attacks.

Example

Input: x' OR Id != ''

Query becomes: SELECT Id FROM Account WHERE Name = 'x' OR Id != ''

Impact

  • Access to unauthorized records
  • Data exfiltration
  • Business logic bypass

Mitigation

Use parameterized queries with Salesforce Apex binding variables.

Embed Security Badge

Add this badge to your README or documentation

Salesforce MCP Server MCPSafe Security
[![Salesforce MCP Server MCPSafe Security](https://api.mcpsafe.org
/api/badge/salesforce-mcp-soql-injection.svg)](https://mcpsafe.org/registry/salesforce-mcp-soql-injection)
Need more customization options?Badge Documentation

Server Information

Source
NPM
Package
salesforce-mcp
Version
1.0.2
Language
typescript
License
MIT
Transport
STDIO
Added
Jan 20, 2026
Updated
Jul 13, 2026