stateful-auth-for-mcp-servers
by SirKanaad26
Overview
Integrates Google Gmail and Calendar APIs to enable an AI agent to read emails and manage calendar events with stateful authorization for event deletions.
Installation
python3 mcp_server.py
Security Notes
The server has a critical prompt injection vulnerability as explicitly stated in the README. Email content, fetched by the `read_emails` tool, is passed directly to the AI model without sanitization. This allows malicious instructions embedded in emails to manipulate the AI into performing unintended calendar actions (e.g., creating, updating, or deleting events). While a stateful authorization layer was added to prevent deletion of *external* calendar events, it does not mitigate the risk of: 1) creating new malicious events, 2) updating existing events (even external ones), or 3) deleting MCP-created events based on injected prompts. The AI model retains full `calendar` scope, allowing broad manipulation. The README advises against production use.
Similar Servers
gmail-mcp
Manages Gmail emails programmatically, enabling AI systems to read, send, archive, and perform other email operations on behalf of a user.
gcal-mcp-server
Provides intelligent Google Calendar integration, event management, and scheduling capabilities through a standardized Model Context Protocol (MCP) interface for AI assistants.
calendar-mcp
A unified Model Context Protocol (MCP) server that enables AI assistants to access multiple email and calendar accounts simultaneously across Microsoft 365, Outlook.com, and Google Workspace.
gcal-mcp
Serves as a Model Context Protocol (MCP) server for Google Calendar to query upcoming, date-specific, and searchable events.