// SCAN REPORT

Salesforce MCP Server

41 tools. 24 can modify or destroy data without limits.

4 destructive tools with no built-in limits. Policy required.

Last updated: 11 Jun 2026

24 can modify or destroy data

17 read-only

41 tools total

Community server · catalogue entry verified 11/06/2026

How to control Salesforce MCP Server ↓

TOOL MAP

What Salesforce MCP Server exposes to your agents

Read (17) Write / Execute (20) Destructive / Financial (4)

Running more than one server? Check your whole stack →

MOST DANGEROUS TOOLS

Critical Risk

The most dangerous Salesforce MCP Server tools

Destructive · Medium clear_default_org This tool irreversibly removes the default org configuration setting. Destructive · High delete_record This tool irreversibly deletes data from a Salesforce organization. Destructive · High package_uninstall Package uninstallation is a destructive operation that removes code, custom objects, workflows, and configurations from the org that cannot be easily undone. Destructive · High logout Logging out of a Salesforce org, especially a scratch org, can be irreversible if credentials are lost.

24 of Salesforce MCP Server's 41 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

POLICY

How to control Salesforce MCP Server

PolicyLayer is an MCP gateway — it sits between your AI agents and Salesforce MCP Server, and nothing reaches the server without passing your rules. These are the rules we recommend:

Deny destructive operations

{
  "clear_default_org": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations

{
  "assign_permission_set": {
    "limits": [
      {
        "counter": "assign_permission_set_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations

{
  "apex_get_log": {
    "limits": [
      {
        "counter": "apex_get_log_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

Create a free account and register Salesforce MCP Server — nothing to install.
Add these rules — paste them, or build them visually. Tune the limits to your setup.
Point your MCP client (Claude, Cursor, anything) at your gateway URL.

ENFORCE POLICY ON SALESFORCE →

Free to start. No card required.

FULL CATALOGUE

All 41 Salesforce MCP Server tools

DESTRUCTIVE 4 tools

Destructive clear_default_org Clear the default target org from the Salesforce CLI configuration. After clearing, all tools will require an Destructive delete_record Delete a record from a Salesforce org using the REST API. Permanently removes the specified record. Input must Destructive package_uninstall Uninstall a second-generation package from the target org. Specify the package ID (starts with 04t) or alias f Destructive logout Log out of a Salesforce org. Use targetOrg to logout of a specific org, or set all to true to logout of all or

EXECUTE 9 tools

Execute deploy_start Deploy metadata to Salesforce org with test execution options. Execute execute_anonymous_apex Execute Apex code in a Salesforce Org. This command allows you to run Apex code directly against a specified S Execute run_apex_tests Run Apex tests in a Salesforce Org. This command allows you to execute unit tests with various options includi Execute run_code_analyzer Analyze code for quality and security issues. Run list_code_analyzer_rules first to select appropriate rules f Execute scanner_run Scan codebase with security and quality rules. Defaults to all rules if none specified. Execute scanner_run_dfa Run Graph Engine for Apex data flow analysis. Detects complex security issues like SOQL/SQL injection. Execute open Open your Salesforce org in a browser. To open a specific page, specify the portion of the URL after Execute open_record Opens a Salesforce record in a browser. Execute package_install Install or upgrade a package version in a Salesforce org. Supports both package IDs (04t) and aliases with var

WRITE 11 tools

Write assign_permission_set Assign a permission set to one or more org users. To specify an alias for the --target-org or --on-behalf-of f Write assign_permission_set_license Assign a permission set license to one or more org users. To specify an alias for the --target-org or --on-beh Write create_record Create a new record in a Salesforce org using the REST API. Returns the ID of the created record on success. I Write generate_class Generates the Apex .cls file and associated metadata file. These files must contained in a parent directory ca Write generate_component Generate Lightning Web Components (LWC) or Aura components with customizable templates and output directories Write generate_trigger Generates the Apex trigger .trigger file and associated metadata file. These files must be contained in a pare Write install_skill Install the Salesforce MCP Server skill for Claude Code into the current working directory (.claude/skills/sal Write login_into_org Authenticate and login to a Salesforce org via web browser. This command opens a browser window for OAuth auth Write schema_generate_tab Generate metadata source files for a new custom tab on a custom object. Custom tabs display custom object data Write set_default_org Set the default target org for the Salesforce CLI. Once set, all tools will use this org by default when no ta Write update_record Update an existing record in a Salesforce org using the REST API. Updates specified fields on the record. Inpu

READ 17 tools

Read apex_get_log Fetch the specified log or given number of most recent logs from the org. Read apex_log_list Fetch the list of apex debug logs returning the logs with their IDs. Read get_apex_code_coverage Get code coverage information for a Salesforce Org. This command allows you to retrieve org-wide coverage perc Read get_apex_test_results Retrieve results from a previous asynchronous Apex test run. Use this command with a test run ID to get detail Read get_default_org Get the current default target org configured in the Salesforce CLI. This returns the org alias or username th Read get_server_permissions Get current server permission settings Read list_code_analyzer_rules List available code analysis rules with details. Use to determine rules for code-analyzer run command. Read list_connected_salesforce_orgs List connected Salesforce Orgs. This command retrieves a list of all Salesforce Orgs that are currently connec Read list_metadata List the metadata components and properties of a specified type. Use this command to identify individual compo Read list_metadata_types Display details about the metadata types that are enabled for your org. The information includes Apex classes Read query_records Query records from a SINGLE Salesforce object using structured field conditions. Use this for precise queries Read query_records_to_file Query records from a Salesforce SObject and save to a file. This command allows you to execute a SOQL query ag Read search_records Search for text across multiple Salesforce objects simultaneously. USE THIS TOOL when searching for records th Read sobject_describe Describe a Salesforce SObject. This command retrieves detailed metadata about a specific Salesforce SObject, i Read sobject_list List all standard and custom objects in a Salesforce Org. This command retrieves a list of all standard and cu Read display_user Display information about a Salesforce user. Output includes the profile name, org ID, access token, instance Read generate_frontdoor_url Generate an authenticated Salesforce frontdoor URL that allows seamless browser login without re-entering cred

EXPLORE

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

FAQ

Questions about Salesforce MCP Server

Can an AI agent delete data through the Salesforce MCP Server MCP server? +

Yes. The Salesforce MCP Server server exposes 4 destructive tools including clear_default_org, delete_record, package_uninstall. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through Salesforce MCP Server? +

The Salesforce MCP Server server has 11 write tools including assign_permission_set, assign_permission_set_license, create_record. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach Salesforce MCP Server.

How many tools does the Salesforce MCP Server MCP server expose? +

41 tools across 4 categories: Destructive, Execute, Read, Write. 17 are read-only. 24 can modify, create, or delete data.

How do I enforce a policy on Salesforce MCP Server? +

Register the Salesforce MCP Server MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every Salesforce MCP Server tool call.

Deterministic rules across all 41 Salesforce MCP Server tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

ENFORCE POLICY ON SALESFORCE →

Free to start. No card required.

41 Salesforce MCP Server tools catalogued and risk-classified — across an index of 43,000+ MCP servers.