LinkedIn MCP servers, compared
A LinkedIn MCP server gives an AI agent tools to work with LinkedIn — reading profiles, searching people, and (with some) commenting, connecting, and messaging. The options split into three camps: open-source scrapers, managed toolkits, and governed action servers. The difference that matters most is how likely each is to get your account restricted.
The most popular LinkedIn MCP servers are scrapers: they drive your logged-in session with a headless browser. That works — until LinkedIn's automated-behavior detection flags the account. Enforcement keys on volume and cadence: hundreds of actions in minutes, at machine speed, looking nothing like a person. Reading is safer than writing, and pacing is the whole game. Pick your server with that in mind.
| Server | Approach | Account risk | Setup |
|---|---|---|---|
| stickerdaniel/linkedin-mcp-server | Drives your logged-in session (a headless browser) to scrape profiles, companies, and jobs. The most popular open-source option. | Higher Automated scraping violates LinkedIn's User Agreement; sessions get flagged and accounts restricted. | Self-host (Docker / uvx) with your own LinkedIn session cookie. |
| felipfr/linkedin-mcpserver | Community open-source server in the same session-scraping family. | Higher Same scraping ToS exposure — you are automating your own account against the rules. | Self-host with your credentials. |
| Apify LinkedIn MCP | Runs Apify's LinkedIn scraper actors for data extraction (profiles, search results) rather than acting as you. | Medium Scraping-based and usage-priced; extraction, not engagement — no posting/messaging from your account. | Apify account + API token. |
| Composio LinkedIn | Managed toolkit; actions run through Composio's platform with a hosted OAuth connection. | Medium Auth is managed for you; risk depends on the underlying methods and which actions you enable. | Composio account + OAuth connection. |
| Apex (by LeadShark) Governed | Governed real actions — search, research, comment, connect, message — as you, not a scraper. Every action is paced, rate-limited, and logged. | Managed Managed: kept within safe behavioral limits derived from patterns across 8M+ real LinkedIn actions, so the account isn't hammered into a restriction. | Remote MCP — connect your account, no self-hosting. |
Reads are generally lower-risk than writes; automating your own session at full speed is the riskiest pattern. This is a landscape guide, not legal advice — check LinkedIn's User Agreement for your use case.
Reading is one thing; acting — commenting, connecting, messaging at any volume — is where accounts get restricted. That's the gap Apex is built for: real LinkedIn actions as you, but paced, rate-limited, and logged, with safety limits derived from patterns across 8M+ real actions. It's a remote MCP — connect your account, no scraper to self-host.
See the Apex MCP serverWhat is a LinkedIn MCP server?
A LinkedIn MCP server is a Model Context Protocol server that gives an AI agent (Claude, Cursor, or any MCP client) tools to work with LinkedIn — reading profiles and posts, searching people and companies, and, in some cases, commenting, connecting, and messaging. The agent calls the server's tools instead of you clicking around LinkedIn by hand.
Is using a LinkedIn MCP server against LinkedIn's Terms of Service?
Automating LinkedIn generally sits against LinkedIn's User Agreement, and the riskiest pattern is a scraper that drives your logged-in session — that's what gets accounts flagged and restricted. Lower-risk approaches either extract public data through a dedicated platform or take real actions in a paced, rate-limited way that stays within safe behavioral limits. No automation is zero-risk, but the approach matters a lot.
Which LinkedIn MCP server is best?
For self-hosted scraping and reading, stickerdaniel/linkedin-mcp-server is the most popular open-source choice. For managed data extraction, Apify or Composio. For actually running outbound (comment, connect, message) without getting your account restricted, a governed option like Apex is built for that — actions are paced and logged rather than scraped at full speed.
Can I get my LinkedIn account banned?
Yes — the common way people get restricted is running an unpaced scraper or bot that behaves nothing like a human: hundreds of actions in minutes, at all hours. Governed tools reduce that risk by capping and pacing actions within limits derived from real usage. Reading is safer than writing; volume and cadence are what trigger enforcement.
How do I add a LinkedIn MCP server to Claude?
Self-hosted servers run locally (e.g. via Docker or uvx) and you add them to your client's MCP config with your credentials. Remote servers like Apex are added by URL — connect the endpoint in Claude, Cursor, or your client and authenticate once. Each server's page lists the exact setup.
Browse the full index by capability, transport, and risk — or see how a verified server is packaged into a governed loadout with approvals before your agent uses it.
Explore all MCP servers