Go High Level MCP 2026 Complete
clawdbot · by BusyBee3333
GoHighLevel MCP Server — 520+ tools across 40 categories. Voice AI, Proposals, Contacts, Calendars, Conversations, Opportunities, Invoices, Payments, Workflows, Social Media, and more. MCP SDK 1.26, Streamable HTTP, tool annotations.
No known CVEs
No license
Actively maintained
Last commit 3d ago
Works with most clients
Transport: stdio, sse, http
0 tools
Grade F
Step 1
Install in your client
Config is the same across clients — only the file and path differ.
CD
Supported in Claude Desktopstdio, sse, http · Node 18+
Paste into ~/Library/Application Support/Claude/claude_desktop_config.json
{
"mcpServers": {
"ghl-mcp-server": {
"env": {
"GHL_API_KEY": "your_private_integrations_api_key",
"GHL_BASE_URL": "https://services.leadconnectorhq.com",
"GHL_LOCATION_ID": "your_location_id"
},
"args": [
"/absolute/path/to/Go-High-Level-MCP-2026-Complete/dist/server.js"
],
"command": "node"
}
}
}Are you the author?
Add this badge to your README to show your security score and help users find safe servers.
Embed in your READMEAbout badges →
[](https://mcppedia.org/s/go-high-level-mcp-2026-complete)
Read me
What Go High Level MCP 2026 Complete does
🚀 Don't want to self-host? Join the waitlist for our fully managed solution → > Zero setup. Zero maintenance. Just connect and automate.
Test This Server
Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.
npx -y 'clawdbot' 2>&1 | head -1 && echo "✓ Server started successfully"
After testing, let us know if it worked:
Loading README…
Scored, not listed
Why this score
Five weighted categories — click any category to see the underlying evidence.
Score breakdown
62/100across 5 weighted dimensions
0255075100
20
18
14
10
−38
Security
Maintenance
Efficiency
Documentation
Compatibility
Categoriesclick a row to see evidence
Security
OSV.dev11 fixed
CVE-2026-28480low · fixedCVSS 3.1
OpenClaw Telegram allowlist authorization accepted mutable usernames
## Summary Telegram allowlist authorization could match on `@username` (mutable/recyclable) instead of immutable numeric sender IDs. ## Impact Operators who treat Telegram allowlists as strict identity controls could unintentionally grant access if a username changes hands (identity rebinding/spoof risk). This can allow an unauthorized sender to interact with the bot in allowlist mode. ## Affected Packages / Versions - npm `openclaw`: <= 2026.2.13 - npm `clawdbot`: <= 2026.1.24-3 ## Fix Teleg
CVE-2026-28469low · fixedCVSS 3.1
OpenClaw Google Chat shared-path webhook target ambiguity allowed cross-account policy-context misrouting
## Summary When multiple Google Chat webhook targets are registered on the same HTTP path, and request verification succeeds for more than one target, inbound webhook events could be routed by first-match semantics. This can cause cross-account policy/context misrouting. ## Affected Packages / Versions - npm: `openclaw` <= 2026.2.13 - npm: `clawdbot` <= 2026.1.24-3 ## Details Affected component: `extensions/googlechat/src/monitor.ts`. Baseline behavior allowed multiple webhook targets per pat
CVE-2026-26317low · fixedCVSS 3.1
OpenClaw affected by cross-site request forgery (CSRF) through loopback browser mutation endpoints
## Summary Browser-facing localhost mutation routes accepted cross-origin browser requests without explicit Origin/Referer validation. Loopback binding reduces remote exposure but does not prevent browser-initiated requests from malicious origins. ## Impact A malicious website can trigger unauthorized state changes against a victim's local OpenClaw browser control plane (for example opening tabs, starting/stopping the browser, mutating storage/cookies) if the browser control service is reachabl
CVE-2026-28478low · fixedCVSS 3.1
OpenClaw affected by denial of service via unbounded webhook request body buffering
### Summary Multiple webhook handlers accepted and buffered request bodies without a strict unified byte/time limit. A remote unauthenticated attacker could send oversized payloads and cause memory pressure, degrading availability. ### Details Affected packages: - `openclaw` (npm): `<2026.2.12` - `clawdbot` (npm): `<=2026.1.24-3` Root cause: - Webhook code paths buffered request payloads without consistent `maxBytes` + `timeoutMs` enforcement. - Some SDK-backed handlers parse request bodies in
CVE-2026-28452low · fixedCVSS 3.1
OpenClaw affected by denial of service through unguarded archive extraction allowing high expansion/resource abuse (ZIP/TAR)
## Summary Archive extraction lacked strict resource budgets, allowing high-expansion ZIP/TAR archives to consume excessive CPU/memory/disk during install/update flows. ## Affected Packages / Versions - openclaw (npm): <= 2026.2.13 - clawdbot (npm): <= 2026.1.24-3 ## Details Affected component: `src/infra/archive.ts` (`extractArchive`). The extractor now enforces resource budgets (entry count and extracted byte limits; ZIP also enforces a compressed archive size limit) and rejects over-budget
Community
Reviews
Be the first to review
Have you used this server?
Share your experience — it helps other developers decide.
How easy was setup?Did it work reliably?How was the documentation?
Sign in to write a review.
Frequently Asked Questions
- Is Go High Level MCP 2026 Complete safe to use?
- Go High Level MCP 2026 Complete has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
- How do I install Go High Level MCP 2026 Complete?
- Go High Level MCP 2026 Complete supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
- What AI clients work with Go High Level MCP 2026 Complete?
- Go High Level MCP 2026 Complete is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.
- Is Go High Level MCP 2026 Complete actively maintained?
- Go High Level MCP 2026 Complete is actively maintained — last commit was 3 days ago. It has 52 GitHub stars.
Related
Similar servers
Others in marketing / communication
Mac_messages_mcp95An MCP server that securely interfaces with your iMessage database via the Model Context Protocol (MCP), allowing LLMs to query and analyze iMessage conversations. It includes robust phone number validation, attachment processing, contact management, group chat handling, and full support for sending and receiving messages.
279 4
Mcp_agent_mail94Asynchronous coordination layer for AI coding agents: identities, inboxes, searchable threads, and advisory file leases over FastMCP + Git + SQLite
2.0k 6
Mcp Server Typescript94DataForSEO API modelcontextprotocol server
197 9
Autotask Mcp93MCP server for Kaseya Autotask PSA — 39 tools for companies, tickets, projects, time entries, and more
36 7
MCP Security Weekly
Get CVE alerts and security updates for Go High Level MCP 2026 Complete and similar servers.
Community
Discussion
Start a conversation
Ask a question, share a tip, or report an issue.
Has anyone used this with Cursor?How do you handle auth?Any alternatives?
Sign in to join the discussion.