google-mcp
Verified Safeby matiasbattocchia
Overview
A public Model Context Protocol (MCP) server that enables AI assistants to access Google Calendar and Sheets without requiring users to set up their own Google Cloud project.
Installation
npm run devEnvironment Variables
- GOOGLE_CLIENT_ID
- GOOGLE_CLIENT_SECRET
- BASE_URL
Security Notes
The server stores Google OAuth refresh tokens and the generated API keys directly in the D1 database without application-level encryption or hashing. While Cloudflare D1 provides encryption at rest, a compromise of the database (e.g., through an SQL injection vulnerability or a Cloudflare internal breach) would expose all user API keys and refresh tokens. This contradicts the README's claims of 'Hashed' for API Keys and 'Encrypted' for OAuth Tokens, which are misleading if interpreted as application-level security measures. Refresh tokens grant long-term access to a user's Google account, making their direct storage a critical vulnerability. Other security aspects like input validation (Zod), proper OAuth flow implementation, and use of environment variables for secrets are well-handled. There is no usage of 'eval' or obvious malicious patterns.
Similar Servers
google-tag-manager-mcp-server
This server acts as a middleware to connect MCP (Model Context Protocol) clients with the Google Tag Manager API, enabling programmatic management of GTM accounts, containers, and resources.
google-calendar-streamable-mcp-server
Manages Google Calendar events, checks availability, and schedules meetings via the Model Context Protocol (MCP) using OAuth 2.1.
mcp-gsheets
A Model Context Protocol (MCP) server for Google Sheets API integration, enabling reading, writing, and managing Google Sheets documents directly from MCP clients like Claude Code, Claude Desktop, or Cursor.
gcal-mcp-server
Provides intelligent Google Calendar integration, event management, and scheduling capabilities through a standardized Model Context Protocol (MCP) interface for AI assistants.