NetSuite MCP Server

MCP proxy server that authenticates with NetSuite via OAuth 2.0 PKCE and forwards tool calls to NetSuite's native MCP API endpoint

Overall Score: 59/100

Server Info

Package: @suiteinsider/netsuite-mcp
Registry: npm
Maintainer: Community
Category: Enterprise
Tags: erp, netsuite, accounting
Last Scanned: 7 Apr 2026

Findings

6 issues

Authentication & Identity

HIGH: No per-request auth - requires instance-per-user

Stdio transport only. Uses OAuth 2.0 with PKCE for NetSuite authentication (not MCP OAuth spec). Launches a local callback server on configurable port (default 8080) for the OAuth redirect. Tokens are stored in a local sessions/session.json file. Environment variables are optional; credentials can a... For multi-tenant deployment, the platform must spawn a separate server instance per user.

Remediation

Add HTTP/SSE transport to accept per-request Authorization headers, or implement the MCP OAuth spec.

Tool Schema Quality

HIGH: Required fields missing on 2 write operations

Write tools without required field declarations: netsuite_authenticate, netsuite_logout.

Remediation

Add required arrays to all write/delete tool schemas.

MEDIUM: Only 0 of 2 schemas have parameter constraints

Most schemas lack maxLength, enum, or pattern constraints on string parameters.

Remediation

Add constraints to string parameters, especially on write operations.

LLM Safety

HIGH: Tool descriptions contain instructional language

Descriptions include directives that could influence LLM behavior beyond tool selection.

Remediation

Remove instructional language. Descriptions should be purely factual.

Data Exposure

LOW: No field selection on responses

Responses return full records rather than projected fields.

Remediation

Implement field selection to return only relevant fields.

Maintenance & Trust

LOW: Community-maintained by SuiteInsider (dsvantien)

No official vendor backing.

Remediation

Seek vendor verification.

Tools

2 total

| Name | Description | Risk |
|---|---|---|
| netsuite_authenticate | Authenticate with NetSuite to access MCP tools. Required before using any NetSuite tools. If NETSUITE_ACCOUNT_ID and NETSUITE_CLIENT_ID environment variables are set, they will be used automatically. | admin |
| netsuite_logout | Clear NetSuite authentication session and logout | admin |
