← Back to Skills Marketplace

Hubspot mcp

Name: Hubspot mcp
Author: maverick

by Maverick · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ✓ Security Clean

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install maverick-hubspot-mcp

Description

Search, read, and update HubSpot CRM contacts, companies, deals, tickets, associations, owners, and pipelines via HubSpot's hosted MCP server (https://mcp.hu...

README (SKILL.md)

HubSpot

Quick start

Always invoke through bash {baseDir}/scripts/invoke.sh — never call mcporter directly. The wrapper seeds the OAuth vault from the env-supplied tokens when needed, then calls mcporter.

bash {baseDir}/scripts/invoke.sh call maverick-hubspot.search_crm_objects objectType=contacts query="alice"
bash {baseDir}/scripts/invoke.sh call maverick-hubspot.get_pipeline_stages objectType=deals

For structured output (also surfaces transport errors as JSON envelopes — workaround for mcporter #153):

bash {baseDir}/scripts/invoke.sh call --output json maverick-hubspot.search_crm_objects objectType=contacts query="alice" | jq '.result.content'

Discover available tools and schemas:

bash {baseDir}/scripts/invoke.sh list maverick-hubspot --schema

Safety

Write operations (create_crm_object, update_crm_object, association changes, pipeline or stage changes, and activity logging) modify HubSpot CRM data visible to the connected portal. Confirm clear user intent before invoking write tools — search and read tools are safe to call freely while exploring. Read the current CRM object before updating properties or associations, and use internal property names such as firstname, email, dealstage, and hubspot_owner_id.

Authentication

Tokens are provisioned and rotated automatically. If a call returns HTTP 401 that doesn't recover within a few seconds, the OAuth grant has been revoked — re-authorize the integration to refresh credentials.

Data flow

Tool calls travel to HubSpot's hosted MCP service at https://mcp.hubspot.com over HTTPS, authenticated via OAuth. HubSpot sees the contact, company, deal, ticket, association, owner, and pipeline data referenced by each call. Use this skill for HubSpot-related work only; do not pass unrelated sensitive content through these tools.

Dependencies

mcporter (github.com/steipete/mcporter) — MCP CLI used to invoke HubSpot's hosted MCP server. Auto-installed via npm install -g --ignore-scripts mcporter if missing on PATH (see install spec in frontmatter). The install spec uses unpinned mcporter (npm latest); operators with strict supply-chain controls should override the install to pin a specific version (e.g. mcporter@\x3Cversion>).
jq (stedolan.github.io/jq) — JSON processor used by the vault initializer. System dependency; install via your OS package manager (apt install jq, brew install jq, etc.).
flock (part of util-linux) — file locking used to serialize concurrent vault writes. Available by default on Linux; on macOS install via brew install flock.
shasum (Perl, ships with Digest::SHA) — computes the SHA-256 hashes used to derive the mcporter vault key and the provisioned-token marker. Preinstalled on macOS and on Debian/Ubuntu (incl. the deployed cloudflare/sandbox Ubuntu 22.04 image); on minimal Linux images install perl-Digest-SHA. The script invokes shasum -a 256 rather than GNU sha256sum so it runs on stock macOS without coreutils.

Usage Guidance

Before installing, make sure you are comfortable granting this skill OAuth access to your HubSpot portal and letting it update CRM records when you request changes. For stricter environments, pin the mcporter package version and ensure the local credential vault is protected.

Capability Analysis

Type: OpenClaw Skill Name: maverick-hubspot-mcp Version: 1.0.0 The skill bundle provides a legitimate integration with HubSpot CRM using the Model Context Protocol (MCP). It uses a wrapper script (`scripts/invoke.sh`) and a vault initializer (`scripts/init-mcporter.sh`) to securely manage HubSpot OAuth tokens and interface with the `mcporter` CLI. The implementation follows good security practices, such as using file locking (`flock`) for concurrent access, atomic file writes with `mktemp`, and passing secrets to `jq` via environment variables to prevent exposure in process listings. The data flow is restricted to HubSpot's official MCP endpoint (https://mcp.hubspot.com), and the instructions in `SKILL.md` include appropriate safety warnings regarding write operations.

Capability Tags

requires-oauth-tokenrequires-sensitive-credentials

Capability Assessment

ℹ Purpose & Capability

The stated purpose matches the artifacts: it searches, reads, and updates HubSpot CRM data through HubSpot's hosted MCP server. The write capability is high-impact but disclosed and purpose-aligned.

ℹ Instruction Scope

The instructions explicitly warn that write operations modify HubSpot data and tell the agent to confirm clear user intent before invoking write tools.

ℹ Install Mechanism

The skill installs the mcporter npm package without pinning a version. This is disclosed in SKILL.md and is central to the skill's function, but users with stricter supply-chain requirements should pin it.

ℹ Credentials

The required OAuth environment variables and HTTPS calls to HubSpot are proportional to the HubSpot integration, with no artifact evidence of unrelated endpoints or hidden exfiltration.

ℹ Persistence & Privilege

The wrapper seeds persistent mcporter OAuth credentials in the user's home directory. This is disclosed and technically scoped to the HubSpot MCP server, but it means the skill retains HubSpot access until credentials are revoked or rotated.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install maverick-hubspot-mcp
After installation, invoke the skill by name or use /maverick-hubspot-mcp
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.0

- Initial release providing search, read, and update capabilities for HubSpot CRM contacts, companies, deals, tickets, associations, owners, and pipelines via HubSpot's hosted MCP server. - Supports structured output and error handling using wrapper scripts and JSON envelopes. - Secure operations: distinguishes between read and write actions, with guidance for safe use of write tools. - Automated token management with support for OAuth refresh; includes troubleshooting steps for authorization errors. - Lists all required dependencies and provides automated installation for the primary CLI tool (`mcporter`).

Metadata

Slug maverick-hubspot-mcp

Version 1.0.0

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is Hubspot mcp?

Search, read, and update HubSpot CRM contacts, companies, deals, tickets, associations, owners, and pipelines via HubSpot's hosted MCP server (https://mcp.hu... It is an AI Agent Skill for Claude Code / OpenClaw, with 38 downloads so far.

How do I install Hubspot mcp?

Run "/install maverick-hubspot-mcp" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Hubspot mcp free?

Yes, Hubspot mcp is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Hubspot mcp support?

Hubspot mcp is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Hubspot mcp?

It is built and maintained by Maverick (@maverick); the current version is v1.0.0.

More Skills