Field guide - 2026

Best LinkedIn MCP Servers for Claude (2026)

An honest field guide to every LinkedIn MCP server worth knowing in 2026 - what each one actually does, who it is for, and the one question that should decide it for you: can it write to LinkedIn safely, or only read?

Most "LinkedIn MCP" lists are thin. They rank servers by GitHub stars and call it research. This one is built from the only thing that matters once you wire an MCP into Claude and start sending: does it act, and does it act without getting your account banned?

We make one of the tools on this list - Zevari. We will tell you exactly where it wins and exactly where the others are the better pick, because if you choose wrong you churn, and a churned reader is worse for us than an honest one.

The why

Why you would want a LinkedIn MCP in the first place

Claude can research a prospect better than most SDRs. It can find the needle in the haystack. But out of the box it is, in one customer's words, "handicapped - it couldn't connect directly to LinkedIn, it can't operate LinkedIn." An MCP (Model Context Protocol) server is the bridge: it gives your Claude agent hands. Search profiles, read posts, score prospects, draft messages, run campaigns, triage the inbox - from inside the AI you already think with, instead of tabbing out to a browser tool.

The catch is that LinkedIn's own API is restrictive enough that most "MCP servers" only read. The ones that write usually do it by driving a browser session with your cookies - which is the exact mechanism that gets accounts flagged. So the real spectrum is not "which server has the most tools." It is read-only vs write-enabled, and within write-enabled, cookie-based vs session-based, autonomous vs approval-gated.

The shortlist

The 20-second version

Why trust our read on the field: Zevari is built and run by an operator who runs his own LinkedIn outbound on it daily, with a 40,000-reader newsletter and a 1,600-member GTM community behind the testing. We have shipped a write-enabled LinkedIn connector for a year with zero ban incidents - which means we have had to learn, in production, exactly where every approach on this list breaks.

Read + safe write, approval-gated, no cookies, hosted

Zevari - the one built for outbound you actually send.

Read-focused / research helpers

CClarity, ConnectSafely - good for enrichment and lookups, not for running campaigns.

Toolkit / platform aggregator

Composio - LinkedIn is one connector among hundreds; great if you are wiring many tools, thin if LinkedIn is the job.

Open-source GitHub servers

Maximum control, zero support, and you own the ban risk. For engineers who want to read the code and run it themselves.

The full list

Five entries, reviewed fairly

Each gets: what it is, who it is for, where it is strong, where it is weak, and the verdict.

1. Zevari

The write-enabled, approval-gated LinkedIn MCP

What it is
The hosted LinkedIn MCP for Claude. Your agent gets 60+ tools for search, signals, campaigns, inbox, and content - and every write action (message, connection request, comment, post) is staged for you to approve before it sends. It connects through a session-based connection with no browser cookies, and it holds state on our infrastructure, so campaigns and schedules persist - the one thing Claude alone can't do.
Who it is for
Anyone whose job is sending, not just reading. The AI/GTM engineer who runs Claude Code or Codex and wants outbound-as-code (Operator, $87/mo), and the non-technical founder or agency owner who wants the same engine run for them (Managed $997/mo, DFY $1,997/mo).
Where it is strong
It is the only server on this list built to safely write at scale. Voice DNA trains on your sent messages so drafts sound like you, not merge-tag mail. Signal-based targeting finds people who posted about your topic in the last 30 days and ICP-scores each one 1 to 5 with written reasons. Campaigns and multi-step sequences are built and advanced by your agent. Inbox Radar classifies replies by intent and stages drafts. It warms by default - comments, reactions, profile views before the ask. And the safety model is published as numbers, not adjectives: weekly connection ceilings (Free 40 / Premium 80 / Sales Navigator 150), working hours, behavioral pacing, duplicate checks, burst caps, a year of refinement, zero ban incidents.
Where it is weak (honestly)
It is opinionated about LinkedIn. It does not try to be a general agent toolkit - if you want one connector among two hundred, that is Composio, not us. It is one LinkedIn account per workspace (sub-accounts at $37 each), so multi-client setups need a workspace per client - deliberate, but worth knowing. And the surface is broad enough that some non-technical buyers tell us "you can do so much, you need guidance" - which is exactly why the Managed tier exists.
Verdict
If you intend to run real outbound from Claude and the sentence "I don't want to be banned" is anywhere in your head, this is the entry to start with. Run LinkedIn outbound as code - and if you don't run Claude Code or Codex, we run it for you.

2. CClarity

Research and enrichment helper

What it is
A LinkedIn-data MCP server focused on lookups and enrichment - pulling profile and company data into your agent's context so it can research and personalize.
Who it is for
Engineers who want Claude to read LinkedIn well - enrich a list, research an account, pull context before a meeting - and who handle the actual sending somewhere else.
Where it is strong
Clean for the read path. If your workflow is "research and enrich, then export," a focused data server does that job without the weight of a full outbound engine.
Where it is weak (honestly)
It is not built to run safe, approval-gated outbound campaigns at scale. There is no Voice DNA, no signal-based campaign engine, no staged-write approval surface, no published ban-safety mechanics. When the job moves from "read about them" to "send to them, safely, every day," you outgrow it.
Verdict
A reasonable read/enrichment pick. We share a buyer, not a category - if your need is research, it may be all you need. The moment you need to send and not get banned, you are in write-enabled territory.

3. ConnectSafely

Lightweight, safety-conscious connector

What it is
A lighter-weight LinkedIn MCP server that leans on a careful, limits-aware posture for basic LinkedIn actions from an agent.
Who it is for
Engineers who want a small, comprehensible connector for light LinkedIn tasks and are comfortable owning the operational details themselves.
Where it is strong
Simplicity. A smaller surface is easier to reason about, and a safety-first framing is the right instinct - bans are the real risk, and any tool that takes that seriously is starting from the right place.
Where it is weak (honestly)
Light means light. You do not get a campaign engine, signal-based targeting, ICP scoring with reasons, Inbox Radar, or Voice DNA - and "safety-conscious" as a posture is not the same as published, enforced ceilings with a year of zero-incident production behind them. For one-off actions, fine. For a daily outbound motion, you will hit the ceiling of what a light connector can carry.
Verdict
A sensible minimalist option for light, careful use. If outbound is your actual job, you will want the heavier, receipt-backed engine.

4. Composio

The platform aggregator

What it is
Not a LinkedIn tool - a tool-integration platform that exposes hundreds of app connectors (LinkedIn among them) to agents through MCP, with auth and orchestration handled centrally.
Who it is for
Engineers building agents that touch many SaaS apps and want one integration layer for all of them. LinkedIn is one line item in a much larger build.
Where it is strong
Breadth and plumbing. If you are wiring Claude into Salesforce, Gmail, Slack, Notion, and LinkedIn at once, a single aggregator with managed auth is a genuinely good architectural call. That is real value, and it is value Zevari does not try to provide.
Where it is weak (honestly)
LinkedIn is a connector, not a craft. You will not get Voice DNA, signal-based ICP scoring, warm-by-default sequencing, a staged-write approval model purpose-built for LinkedIn, or published ban-safety mechanics - because that depth only exists in a tool whose entire reason to live is LinkedIn. A generic connector that "can call the LinkedIn API" is not the same thing as a system designed so you don't get your account banned doing it.
Verdict
The right choice when LinkedIn is one of many integrations. The wrong choice when LinkedIn outbound is the job - then you want depth, not breadth, and the two stack fine together.

5. Open-source GitHub LinkedIn MCP servers

DIY, self-hosted, you own the risk

What it is
A handful of community MCP servers on GitHub that wrap LinkedIn actions. Quality ranges from solid read-only research tools to ambitious projects that drive a logged-in browser session to send.
Who it is for
Engineers who want to read the source, self-host, and own every part of the stack - and who treat the LinkedIn account risk as theirs to manage.
Where it is strong
Control and cost. The code is in front of you, you can fork it, and there is no subscription. For a read-only research server you run yourself, that is a clean, cheap, transparent setup.
Where it is weak (honestly)
Two things. First, the write-enabled ones almost universally do it through browser automation with your cookies - which is precisely the mechanism behind the after-stories we hear constantly: "my account kept getting banned with the virtual assistants - LinkedIn just sees logs." Second, there is no one to call. No hosted state (so your agent can't keep persistent schedules), no support, no safety SLA, no approval surface unless you build it. You are the maintainer, the on-call, and the one whose account is on the line.
Verdict
Great for engineers who want a read-only server they fully control. Genuinely risky as a write-enabled outbound engine - the ban risk is real and it lands on your account, not a vendor's.

At a glance

The honest comparison

Every tool here does a real job for a real buyer. The column that decides it for an outbound team is the one most lists skip: can it write safely, and can it prove it?

Zevari
Primary job: Safe outbound engine
Write to LinkedIn? Yes - full campaigns
Connection model: Session-based, no cookies
Approval gate: Every write staged
Published ban-safety: Yes - numbers published, zero incidents in a year
Hosted state: Yes
Best for: Running real outbound from Claude

CClarity
Primary job: Research / enrichment
Write to LinkedIn? Read-focused
Connection model: Data API
Approval gate: n/a
Published ban-safety: No
Hosted state: No
Best for: Enriching and researching

ConnectSafely
Primary job: Light connector
Write to LinkedIn? Limited
Connection model: Limits-aware
Approval gate: Partial
Published ban-safety: Posture, not published numbers
Hosted state: No
Best for: Light, careful actions

Composio
Primary job: Many-app toolkit
Write to LinkedIn? Via generic connector
Connection model: Managed auth
Approval gate: n/a
Published ban-safety: No
Hosted state: Platform-level
Best for: LinkedIn as one of many integrations

OSS GitHub
Primary job: DIY, self-hosted
Write to LinkedIn? Some, via browser/cookies
Connection model: Often cookie-based
Approval gate: Build it yourself
Published ban-safety: No
Hosted state: No
Best for: Engineers who want full control, read-only

The decision

How to actually choose

Answer one question first: are you reading or sending?

If you are reading - researching accounts, enriching lists, pulling context - a focused data server (CClarity), a light connector (ConnectSafely), or a self-hosted OSS read-only server is plenty, and probably cheaper.

If you are building an agent that touches many apps and LinkedIn is one of them, Composio is the clean architectural answer.

If you are sending - running outbound, campaigns, follow-ups, the inbox - the question collapses to safety. A write-enabled server that drives your browser with cookies is the model behind most ban stories. A session-based, approval-gated, hosted server with published limits is the model built so that doesn't happen. That is the role Zevari is on this list to fill.

Safety

"I don't want to be banned." That is the whole game.

The number one fear in LinkedIn outbound is the ban. Cookie-based browser automation - how most write-enabled servers touch LinkedIn - is exactly what triggers it. Zevari was built for this: session-based, approval-gated, paced, and capped, with the limits published as numbers. A year of refinement. Zero ban incidents.

Read the full safety model
Every write action - message, connection request, comment, post - is staged for your approval before it touches your account.
Session-based connection. No browser cookies.
Weekly connection ceilings enforced by the platform: Free 40 / Premium 80 / Sales Navigator 150.
Working hours, behavioral pacing, duplicate checks, and burst caps - a year of refinement, zero ban incidents.

Two ways in

For the engineer, and for the owner

Same approval-gated engine on both lanes. Reach Zevari over MCP for Claude Code and Codex, or our REST API from your own code.

For the engineer (Operator - $87/mo)

Skip the evaluation theater. Connect Zevari to Claude Code or Codex, get 60+ tools for search, signals, campaigns, inbox, and content, and run outbound-as-code with human-in-the-loop approval gates already wired in. Hosted state keeps your campaigns and schedules alive between sessions - the persistent scheduling Claude Code or Codex can't do alone. Sub-accounts are $37 each. Free to start, cancel anytime.

For the owner (we run it for you)

You pay an appointment setter or AI SDR thousands a month to work your LinkedIn. We run the same engine - research, voice-matched messages, campaigns, replies - for $997/mo, and you approve every send from Slack in minutes a day. Live in 14 days or your setup fee is refunded; 60-day out.

FAQ

The questions buyers ask

What is a LinkedIn MCP server?

An MCP (Model Context Protocol) server is a bridge that gives a Claude agent hands on LinkedIn - the ability to search profiles, read posts, score prospects, draft messages, run campaigns, and triage the inbox from inside Claude instead of from a browser tool. Without one, Claude can research LinkedIn but cannot operate it.

Which is the best LinkedIn MCP server in 2026?

It depends on whether you are reading or sending. For research and enrichment, a focused data server or a self-hosted open-source read-only server works. For running real outbound safely - campaigns, follow-ups, the inbox - Zevari is built for that job: it writes to LinkedIn through a session-based connection with no browser cookies, stages every send for your approval, and publishes its ban-safety limits, with a year of production and zero ban incidents.

Will a LinkedIn MCP server get my account banned?

It can, and that is the most important question on this page. Most write-enabled servers - especially open-source ones - drive a logged-in browser session with your cookies, which is the mechanism behind most ban stories ("LinkedIn just sees logs"). Zevari uses a session-based connection with no browser cookies, stages every write action for human approval, and enforces weekly connection ceilings (Free 40, Premium 80, Sales Navigator 150), working hours, behavioral pacing, duplicate checks, and burst caps - a year of refinement with zero ban incidents.

Do most LinkedIn MCP servers only read, or can they write?

Most only read, because LinkedIn's API is restrictive. The ones that write usually do it through cookie-based browser automation, which carries ban risk. Write-enabled, approval-gated, session-based servers are rare - Zevari is built specifically to write safely.

Can I use a LinkedIn MCP server without LinkedIn Sales Navigator?

Yes. You can start without it. Sales Navigator only raises your weekly connection limit (to 150 versus 80 on Premium and 40 on Free) - it is not required to run a LinkedIn MCP server like Zevari.

Are open-source LinkedIn MCP servers safe to use?

Read-only ones are generally fine and give you full control of the code. Write-enabled open-source servers are the risk: they typically send through browser automation with your cookies, there is no hosted state or support, and the ban risk lands entirely on your account. If you send at any real volume, a hosted server with published safety limits and an approval gate is the safer call.

I'm not technical. Can I still use a LinkedIn MCP server?

You do not have to operate it yourself. If you do not run Claude Code or Codex, Zevari's Managed tier runs the whole engine for you - setup, scheduled workflows, tuning - and you approve sends from a simple Slack digest in minutes a day. It is application-gated for buyers with an established offer and paying customers, so the $997/mo replaces what you already spend on an appointment setter.

Start with the one built to send, safely

You run Claude Code or Codex

Give your agent hands on LinkedIn - signal-based, ban-safe, in your voice. Connect over MCP for Claude Code and Codex, or call our REST API from your own code.

We run it for you

Don't run Claude Code or Codex - and already paying for an appointment setter or AI SDR? We run the engine and you approve every send from Slack in minutes a day.

Zevari - the LinkedIn execution layer for Claude. Your agent sleeps; your pipeline doesn't.