Operator-narrative review · Updated 2026-05-22

Close MCP Review (2026): the inside-sales CRM with the sharpest write-surface gating on the market

Close ships its hosted MCP server at https://mcp.close.com/mcp, using HTTP Streamable transport with OAuth 2.0 and Dynamic Client Registration. The shipped permission model is the part that should change how you think about MCP-CRM security: the Close-Scope header gates writes into three distinct levels — read, write_safe, write_destructive — so an agent loop that creates 50 leads can't accidentally also delete 50 leads. Combined with Chloe AI bundling and $9-$139/user/mo per-seat pricing, this is the cleanest LLM-native CRM shape for inside-sales motions in 2026.

Quick context. We run StackSwap MCP — a GTM-focused MCP server. We're a Close affiliate (we use it for our own RevOps tracking and recommend it to operators); the analysis below is the same one we'd give a friend evaluating Close MCP against Attio MCP and HubSpot MCP cold.

Want to try Close?

Close + native MCP is the cleanest LLM-native inside-sales shape in 2026

Power Dialer, SMS, Chloe AI, and full CRM write access — all reachable from Claude via OAuth + Dynamic Client Registration. Solo $9/user/mo, Essentials $35, Growth $99, Scale $139.

Start with Close →Affiliate link — StackSwap earns a commission if you sign up for Close. We only partner with tools we'd recommend anyway.

What Close MCP is, in operator terms

Close runs a hosted MCP server at https://mcp.close.com/mcp. You connect Claude Desktop, claude.ai, Claude Code, ChatGPT, Cursor, n8n, or VSCode via OAuth — Dynamic Client Registration means the MCP client registers itself with the OAuth server automatically, no manual OAuth-app provisioning required. Once connected, the LLM sees Close CRM records (leads, opportunities, contacts, activities, calls, SMS, emails, tasks, notes) plus the Chloe AI context (call summaries, follow-up drafts, enrichment data).

Two distinctions worth marking. First, this is hosted by Close, not self-hosted. No deployment, no patching the API client when Close ships a schema change, no separate cost — MCP access is included on every Close tier. Second, the HTTP Streamable transport handles long-lived sessions cleanly (which matters for agent loops that pull large amounts of CRM data) where older stdio-based MCP transports would have struggled.

The Close-Scope permission model is the headline

Most MCP servers ship one of two write-permission shapes: either "you authenticated, you have full access to do whatever the API allows" (Apollo, HubSpot) or "every write requires confirmation in the client" (Attio). Close splits the surface a third way: the Close-Scope request header gates the MCP session into one of three levels, and the LLM operates inside that level for the duration of the session.

The structural value is that Close-Scope makes the most dangerous capability (destroy data) opt-in per session rather than opt-out per call. An over-eager agent loop running under write_safe can create 100 unnecessary leads, but it can't delete the existing 100. The damage is bounded by the scope you connected under — not by the LLM's enthusiasm or the MCP client's confirmation UX.

Chloe AI integration — the second-order advantage

Chloe is Close's bundled AI agent: notetaker on calls (transcription + summary), draft follow-up emails after calls, contact enrichment, the voice agent rolling out in 2026. Close MCP exposes Chloe's outputs as first-class CRM data — call summaries, pending follow-up drafts, enrichment data — so an MCP-connected Claude session can read Chloe's work and orchestrate the next step.

The realistic workflow: Chloe runs on every sales call (notetaker, summary, draft follow-up). At end-of-day, Claude reads via MCP all of today's call summaries from Chloe, identifies the deals with stalled signals, drafts re-engagement copy grounded in both the call summary and the deal stage context, and queues the drafts under write_safe scope for human review the next morning. The composition (Chloe captures context inside Close → Claude orchestrates across the day's calls) is the kind of workflow that requires either deep custom integration or MCP. Close ships MCP.

What you can actually do with Close MCP

Close MCP vs Attio MCP vs HubSpot MCP — head-to-head

DimensionClose MCPAttio MCPHubSpot MCP
Endpointhttps://mcp.close.com/mcpHosted by AttioRemote HTTP (developers.hubspot.com/mcp)
TransportHTTP StreamableHTTP / OAuthRemote HTTP
AuthOAuth 2.0 + Dynamic Client RegistrationOAuth onlyOAuth
Write gatingClose-Scope header (read / write_safe / write_destructive)Writes require confirmation in clientStandard OAuth scopes
Bundled AI agentChloe AI (notetaker, drafts, enrichment, voice)None — bring your ownBreeze AI (Prospecting, Customer, Content, Social, Data)
Fits best whenInside-sales motion, phone-led, 20+ dials/dayRelationship-led, deep object modelMarketing-led, contact-lifecycle, unified hub
Entry pricing$9/user/mo Solo, $35 Essentials, $99 Growth, $139 ScaleIncluded in Attio subscriptionFree CRM real; Pro/Enterprise scales up

The honest framing: pick the CRM by motion fit, then enjoy the MCP layer it ships with. Close MCP earns the inside-sales eval when phone-led outbound is the engine — the Chloe integration plus the call/SMS write surface are second-order advantages no relationship- or marketing-led CRM matches. Attio fits relationship-led teams with deep object models. HubSpot fits marketing-led pipelines with unified hub. All three ship serious native MCP; the differentiation is motion fit, not MCP capability.

The setup gotcha — scoped user, conservative initial scope

Same advice as every MCP server with a write surface: don't connect your Close admin account. Create a separate Close user with scoped permissions for AI work — limited pipelines, no destructive permissions in Close itself, restricted to lower Close-Scope values for the connection.

For the first month, connect under read scope and observe how the LLM uses the surface. Once you have calibration on what the agent actually does, escalate to write_safe for the production workflows that need it. Reserve write_destructive for one-off cleanup sessions where a human is actively driving the conversation. The split scoping is the shipped safety mechanism; using it as designed eliminates 95% of the risk.

Where StackSwap MCP fits

Close MCP exposes Close data. The cross-vendor question — "should I keep Close or migrate to HubSpot as we scale past 25 reps", "what's our actual GTM tooling spend including Close + the rest", "which outbound sequencing tool pairs cleanest with Close" — sits at a different layer. That's where StackSwap MCP slots in: ~400 GTM tools with monthly costs, AI-readiness scores, 104 hand-verified overlap pairs, and operator-narrative KB articles. Both MCPs load into the same Claude session. No middleware between them.

Want to try Close?

Close ships the sharpest write-surface gating on the market — and bundles Chloe AI on every tier above Solo

The Close-Scope header model (read / write_safe / write_destructive) is the structural advantage no other MCP-shipping CRM has. Pair with the bundled Power Dialer + Chloe AI surface for the cleanest inside-sales motion in 2026.

Start with Close →Affiliate link — StackSwap earns a commission if you sign up for Close. We only partner with tools we'd recommend anyway.

FAQ

Close MCP is Close's hosted Model Context Protocol server at https://mcp.close.com/mcp. It uses HTTP Streamable transport with OAuth 2.0 + Dynamic Client Registration, which means MCP clients (Claude Desktop, Claude Code, claude.ai, ChatGPT, Cursor, n8n, VSCode) can register themselves dynamically — no manual client-ID provisioning step required on the Close side. The server exposes read/write access to Close CRM records, leads, opportunities, activities, calls, SMS, emails, and the Chloe AI agent context. Close hosts it; you connect via OAuth from your MCP client.

Close-Scope is the header-based permission model that scopes what an MCP client can do once connected. Three scope values: 'read' (search and retrieve only, no writes), 'write_safe' (writes that don't destroy data — create leads, log activities, send messages), and 'write_destructive' (full delete and bulk-modification capability). The default scope on connection is conservative; you escalate scope per session as the workflow requires it. This is sharper than most MCP servers ship — Close split the write surface into 'safe' vs 'destructive' so an agent loop that creates 50 leads can't also delete 50 leads by accident. Treat 'write_destructive' as the same blast radius as a workspace-admin token and don't connect under that scope unless the specific session requires it.

Chloe AI is Close's bundled AI agent — notetaker on calls, follow-up email drafts, contact enrichment, voice agent (the 2026 release). The MCP server exposes Chloe's context: which calls Chloe has summarized, which follow-up drafts are pending review, what enrichment data Chloe has surfaced on a lead. From an MCP-connected client like Claude, you can ask 'show me the calls Chloe summarized this week with deals stalled in stage Demo Scheduled' and get a structured response that includes both the Close CRM data and Chloe's summary text. The integration matters because most Close customers run Chloe as the primary AI surface inside Close, and the MCP layer makes that surface composable with external LLM workflows — Claude can read Chloe's outputs and orchestrate next-steps across Close + external tools.

Dynamic Client Registration (DCR) is the OAuth 2.0 extension that lets MCP clients register themselves with the OAuth server automatically — no manual 'add new OAuth app, get client ID, paste into config' step. Practical impact: when you connect Claude Desktop to Close MCP for the first time, Claude registers itself dynamically, gets a client ID, completes the OAuth flow, and you're done. Without DCR, every MCP client would require a manual OAuth-app provisioning step on the Close admin side — slow, fragile, and adoption-killing. DCR is the spec detail that makes one-click MCP install actually one-click. Close shipping it on day one is a sharper commercial call than the launch coverage credits.

Real operator workflows: (1) ask Claude to summarize this week's call activity, surface stalled deals and accounts with no touch in 14+ days; (2) draft follow-up emails to every contact at a specific account by reading person + lead + opportunity + Chloe call-summary context in a single agent turn; (3) bulk-update opportunity stages or task assignments via natural-language prompt that fires under write_safe scope; (4) build agent loops where Claude reviews Chloe's call summaries, decides which leads need re-engagement, drafts the follow-up, and queues it for human review before send; (5) cross-tool orchestration where Close MCP + Apollo MCP + a sequencing MCP let Claude source new contacts, push them into Close as leads, and run cadences against them — all in one conversation. The bundled call-first motion (Power Dialer + SMS + Chloe) gives Close MCP a richer write surface than CRMs that don't bundle telephony.

No. Same operator advice as Attio MCP, Apollo MCP, and any MCP server with a write surface. Create a separate Close user with scoped permissions for AI connections — read access to the pipelines the agent should see, write access only where you want the agent to operate, restricted to the lower Close-Scope values until you've calibrated. Two reasons: (1) the LLM inherits the connected user's permissions, so an admin connection partially defeats the Close-Scope safety mechanism; (2) the activity feed shows every agent action under that user, so a dedicated AI user keeps the audit trail clean and separable from your team's human work. Five minutes of setup; eliminates the dominant blast radius.

Three different shapes for three different motions. Close MCP fits the inside-sales-execution motion where the dial is the bottleneck — Power Dialer, Predictive Dialer, SMS, Chloe AI, all bundled, MCP exposes the full Close surface. Per-seat pricing $9 (Solo) / $35 / $99 / $139, with Chloe AI bundled into the higher tiers. Attio MCP fits relationship-led motions with deep relational object models (custom records, account-based pipelines, multi-entity deals). HubSpot MCP fits marketing-led pipelines where contact lifecycle + content + sales share the same graph; HubSpot's MCP is the broadest in scope (covers Marketing, Sales, Service, Operations, Content, and Breeze AI). The honest framing: pick the CRM by motion fit, then enjoy the MCP layer that comes with it. Close MCP earns its place in the eval when phone-led outbound is the engine; the bundled Chloe context is the second-order advantage.

Yes, with the standard MCP operator setup. The shipped security model is solid: OAuth 2.0 + Dynamic Client Registration (no API key handling), user-scoped permissions, Close-Scope header for write-surface gating (read / write_safe / write_destructive), full audit log under the authenticated user. The remaining concerns are operator-side: (1) connect with a scoped Close user, not admin; (2) default to write_safe scope and escalate to write_destructive only for sessions that explicitly need it; (3) verify your MCP client's confirmation UX before turning the LLM loose on bulk operations; (4) for regulated industries, validate the LLM client's data-handling separately. For SMB and mid-market inside-sales motions, the shipped Close MCP security model is production-grade.

Related reading

Canonical URL: https://stackswap.ai/close-mcp-review. Disclosure: StackSwap is a Close affiliate.