GPT-5.6 (Sol / Terra / Luna) is now evaluated on TrustVector โ€” with day-1 independent verification, incl. METR's benchmark-cheating findings.

Read the evaluation
Evaluation record ยท mcp-server-hubspot

MCP HubSpot Server

vhosted remote (GA 2026-04-13)

HubSpot (Official)

MCPcrmmarketingmcpmodel-context-protocol
76
Strong
About This MCP

HubSpot's official hosted MCP server at https://mcp.hubspot.com, authenticated via OAuth 2.1 with PKCE and available to all HubSpot accounts and tiers. Launched as a read-only public beta in September 2025; GA on 2026-04-13 added write capabilities (CRM records and activities), activity history, marketing content objects, and organizational context - a material expansion of the risk surface. Actions inherit the connecting user's HubSpot permissions.

Last Evaluated: July 9, 2026
Official Website

Trust Vector Analysis

Dimension Breakdown

๐Ÿš€Performance & Reliability
+
crm operation reliability

Operation reliability assessment against the underlying HubSpot CRM API

Evidence
HubSpot MCP Server Documentation โ€” Hosted by HubSpot on the same platform as its public CRM APIs; reliable record operations across contacts, companies, deals, tickets, line items, and products
highVerified: 2026-07-09
search accuracy

Search quality testing

Evidence
HubSpot CRM Search API โ€” Record retrieval builds on the CRM search API with filtering across object types
mediumVerified: 2026-07-09
write operation reliability

Write-path reliability review

Evidence
HubSpot Changelog - Remote MCP Server GA โ€” GA added write access for CRM records (contacts, companies, deals, tickets, line items, products) and activities (calls, emails, meetings, notes, tasks) with validation via the CRM APIs
highVerified: 2026-07-09
rate limit handling

Rate limiting behavior analysis

Evidence
HubSpot API Usage Guidelines โ€” Subject to HubSpot API rate limits, which vary by subscription tier
mediumVerified: 2026-07-09
error recovery

Error handling and discovery testing

Evidence
HubSpot MCP Server Documentation โ€” Standard API errors (permissions, validation, sensitive-data blocks) are surfaced to the MCP client; get_user_details tool lets agents discover available objects before acting
mediumVerified: 2026-07-09
๐Ÿ›ก๏ธSecurity
+
authentication security

Authentication mechanism review

Evidence
HubSpot Changelog - Remote MCP Server GA โ€” OAuth 2.1 with PKCE is required for all connections; credentials generated via an MCP auth app in the account's Development section - no static API keys
highVerified: 2026-07-09
scope limitation

Analysis of available mechanisms to scope agent access below the user's permission level

Evidence
HubSpot Changelog - Remote MCP Server GA โ€” Actions respect existing HubSpot user permissions - the connection inherits the full scope of the authorizing user rather than offering per-connection narrowing (e.g. a read-only grant)
highVerified: 2026-07-09
write action risk

Assessment of the GA capability change from read-only to write-enabled and its blast radius

Evidence
HubSpot Changelog - Remote MCP Server GA โ€” GA on 2026-04-13 changed the server from read-only (beta since Sept 2025) to read/write: agents can now create and update contacts, companies, deals, tickets, line items, products, and log calls, emails, meetings, notes, and tasks - a materially larger risk surface than the beta
highVerified: 2026-07-09
sensitive data controls

Review of built-in sensitive data safeguards

Evidence
HubSpot Changelog - Remote MCP Server GA โ€” Accounts with the sensitive-data setting enabled have Activity objects (calls, emails, meetings, notes, tasks) blocked from MCP access entirely
highVerified: 2026-07-09
audit logging

Audit logging review

Evidence
HubSpot Account Activity Logging โ€” Record changes appear in HubSpot property/activity history attributed to the authorizing user; no dedicated MCP-level audit log distinguishing agent actions from user actions
mediumVerified: 2026-07-09
๐Ÿ”’Privacy & Compliance
+
crm pii exposure

Data flow analysis of CRM PII exposure

Evidence
MCP Data Flow โ€” Contact and company records - names, emails, phone numbers, deal values - are returned into the agent context and sent to the LLM provider
highVerified: 2026-07-09
activity and communication exposure

Communication content exposure assessment

Evidence
HubSpot Changelog - Remote MCP Server GA โ€” GA added activity history access: logged calls, emails, meetings, notes, and tasks - customer communication content - become readable by connected agents unless the sensitive-data block applies
highVerified: 2026-07-09
third party data sharing

Data sharing analysis

Evidence
LLM Provider Policies โ€” CRM and marketing data retrieved via MCP is processed by the connected LLM provider under that provider's privacy policy
highVerified: 2026-07-09
tenant scoping

Tenant and account isolation review

Evidence
HubSpot MCP Server Documentation โ€” Each OAuth connection is bound to a specific HubSpot account and user; access is confined to records that user can view or edit
mediumVerified: 2026-07-09
compliance readiness

Regulatory readiness assessment

Evidence
HubSpot Changelog - Remote MCP Server GA โ€” Sensitive-data accounts get automatic activity blocking, and permissions are enforced, but GDPR/CCPA obligations for routing customer PII through third-party LLMs remain the customer's responsibility
mediumVerified: 2026-07-09
๐Ÿ‘๏ธTrust & Transparency
+
documentation quality

Documentation completeness review

Evidence
HubSpot MCP Server Documentation โ€” First-party docs cover setup, OAuth app creation, supported objects for read vs write, and client integration guides
highVerified: 2026-07-09
changelog and disclosure

Review of capability-change communication

Evidence
HubSpot Changelog - Remote MCP Server GA โ€” The read-only-to-read/write capability change at GA was clearly announced in the developer changelog with an effective date and object-by-object scope
highVerified: 2026-07-09
operation visibility

Logging and traceability assessment

Evidence
HubSpot MCP Server Documentation โ€” Changes are visible in record property history, but agent-initiated actions are not separately labeled from the authorizing user's own actions
mediumVerified: 2026-07-09
open source transparency

Source availability review

Evidence
HubSpot MCP Server Documentation โ€” The remote server is a closed-source hosted service; behavior is documented but the implementation is not auditable
highVerified: 2026-07-09
โš™๏ธOperational Excellence
+
ease of setup

Setup complexity assessment

Evidence
HubSpot MCP Server Documentation โ€” No install: create an MCP auth app in the account's Development section, add https://mcp.hubspot.com to the client, complete browser OAuth
highVerified: 2026-07-09
api performance

Performance assessment

Evidence
HubSpot Developer Platform โ€” Performance tracks the underlying HubSpot CRM APIs; typical record operations complete quickly, large list operations are paginated
mediumVerified: 2026-07-09
reliability

Reliability analysis

Evidence
HubSpot Status โ€” Runs on HubSpot's production platform with public status transparency and strong uptime history
highVerified: 2026-07-09
feature coverage

Feature coverage assessment

Evidence
HubSpot Changelog - Remote MCP Server GA โ€” Reads span CRM records, marketing content (campaigns, landing pages, blog posts, site pages, marketing events), and activities; writes cover core CRM records and activities - but custom objects are not supported
highVerified: 2026-07-09
availability across tiers

Tier and hub availability review

Evidence
HubSpot Changelog - Remote MCP Server GA โ€” GA to all HubSpot accounts - every hub and tier - at no additional cost
highVerified: 2026-07-09
Strengths
  • +Official HubSpot-hosted remote at https://mcp.hubspot.com - no install, OAuth 2.1 with PKCE required, no static API keys
  • +Available to all HubSpot accounts, hubs, and tiers at no additional cost
  • +Broad coverage: CRM records, activity history, and marketing content objects, with read/write on core objects since GA
  • +Inherits and enforces existing HubSpot user permissions on every action
  • +Built-in safeguard: sensitive-data accounts have Activity objects blocked from MCP access automatically
  • +Capability changes clearly communicated via the developer changelog (GA write expansion announced with scope and date)
Limitations
  • !RISK-SURFACE CHANGE 2026-04-13: GA added write capabilities - agents can now create/update CRM records and log activities, where the Sept 2025 beta was read-only; connections authorized pre-GA gained write reach with the platform change
  • !No per-connection scope narrowing: the agent gets the authorizing user's full permission set (no read-only grant option)
  • !Contact/company PII and customer communication content (calls, emails, notes) flow into the LLM provider's context
  • !Custom objects are not supported
  • !No dedicated MCP audit log; agent actions are attributed to the authorizing user in record history
  • !Closed-source hosted service; implementation not auditable
  • !Subject to HubSpot API rate limits that vary by subscription tier
Metadata
license: Proprietary (hosted service)
supported platforms
0: Hosted remote (https://mcp.hubspot.com)
1: Any MCP client with HTTP transport and OAuth 2.1 support
programming languages
0: N/A (hosted service)
mcp version: 1.0
docs: https://developers.hubspot.com/ai-tools/mcp
api dependency: HubSpot CRM and Marketing APIs
authentication: OAuth 2.1 with PKCE (required); MCP auth app created in the account's Development section
remote endpoint: https://mcp.hubspot.com
first release: 2025-09 (public beta, read-only); 2026-04-13 (GA with write)
maintained by: HubSpot
status: Active - generally available to all accounts
transport types
0: streamable-http

Use Case Ratings

code generation

Limited relevance; useful for generating CRM integration code against live schemas

customer support

Strong fit: ticket, contact, and activity context with write-back for notes and tasks

content creation

Marketing content objects (campaigns, landing pages, blogs) enable CRM-grounded content workflows

data analysis

Good for pipeline and deal analysis; rate limits constrain large extractions

research assistant

Useful for account and prospect research within the CRM

legal compliance

Customer PII and communication content reach the LLM provider; sensitive-data block helps but is coarse

healthcare

Patient contact data in CRM routed through agent contexts is high risk

financial analysis

Deal and revenue data accessible; moderate exposure risk

education

Workable for admissions/CRM use with standard PII caveats

creative writing

Marginal fit beyond marketing copy grounded in CRM data