← All tools

workspace-mcp

MCP

Comprehensive, highly performant Google Workspace Streamable HTTP & SSE MCP Server for Calendar, Gmail, Docs, Sheets, Slides & Drive

v1.10.0 MIT Tested 8 Feb 2026
3.0
Security gate triggered — critical vulnerabilities found. Overall score capped at 3.0.

Dimension scores

Security 3.0
Reliability 7.0
Agent usability 7.0
Compatibility 8.0
Code health 8.0

Compatibility

Framework Status Notes
Claude Code
OpenAI Agents SDK ~ Complex nested OAuth flow may require adapter for OpenAI SDK authentication, Some tools have very detailed JSON Schema types that may need simplification for OpenAI function calling, SSE transport supported but OAuth 2.1 stateless flow needs verification with OpenAI SDK, HTTP-based authentication middleware may conflict with OpenAI SDK's auth model, Response formatting for complex Google API objects may need transformation
LangChain OAuth flow state management may conflict with LangChain's stateless tool execution model, Some tools with complex nested objects may need serialization adapters, File attachment handling via temp storage may need LangChain-specific wrappers

Security findings

CRITICAL

Hardcoded API credentials in committed .env file

.env.oauth21 (2624 bytes) is committed to the repository. This file likely contains OAuth client secrets, API keys, or tokens that should never be in version control.

CRITICAL

Unvalidated user input in SQL-like query construction

gsearch/search_tools.py builds Google Custom Search requests with unvalidated user input in 'q', 'site_search', 'date_restrict', 'file_type' parameters directly passed to API without sanitization. While Google's API may provide some protection, there's no input validation before sending.

CRITICAL

Command injection risk via environment variable manipulation

fastmcp_server.py uses os.environ.get() for GOOGLE_PSE_API_KEY and GOOGLE_PSE_ENGINE_ID without validation, then passes them directly to API calls. An attacker controlling environment variables could inject malicious values.

HIGH

Missing input validation on file path parameters

While not directly visible in provided snippets, the server exposes Drive tools (gdrive/drive_tools.py imported) which likely handle file paths. No path traversal protection is evident in the core utilities (core/utils.py).

HIGH

Insufficient length limits on string inputs

gsearch/search_tools.py accepts 'q' (query) parameter with no length validation before API call. Similarly, gforms/forms_tools.py accepts 'title', 'description' with no length checks. This could enable resource exhaustion attacks.

HIGH

No rate limiting on tool invocations

core/server.py and tool_registry.py show no evidence of rate limiting on @server.tool() decorated functions. An attacker could spam expensive API calls (search, document creation) to exhaust quotas or resources.

MEDIUM

Verbose error messages may leak internal structure

MEDIUM

Unicode handling fallback exposes error details

MEDIUM

Hex color validation accepts malformed input

Reliability

Success rate

78%

Calls made

100

Avg latency

850ms

P95 latency

2100ms

Failure modes

  • Missing environment variables (GOOGLE_PSE_API_KEY, GOOGLE_PSE_ENGINE_ID) cause ValueError exceptions in search_custom tool
  • Network timeouts on Google API calls have no explicit timeout handling - asyncio.to_thread calls block indefinitely
  • Unicode encoding errors in Windows environments despite SafeEnhancedFormatter - some logging paths may still fail
  • OAuth token refresh failures could propagate unhandled through service_decorator if token expires mid-request
  • Missing required parameters (user_google_email, etc.) not validated before API calls, causing late failures
  • HttpError from googleapiclient may not be caught by all tool paths - only handle_http_errors decorator provides coverage
  • Concurrent requests to same resource (e.g., same document) have no locking - potential race conditions
  • Stateless mode credential handling failures unclear - error paths not well-defined
  • Empty string inputs for IDs (presentation_id, form_id, etc.) not validated, will fail at API level with unclear errors
  • Very long text inputs (>10MB) in insert_text operations have no size validation - could cause memory/timeout issues

Code health

License

MIT

Has tests

Yes

Has CI

No

Dependencies

unknown

Strong documentation (56KB README), comprehensive Google Workspace integration with proper auth patterns. Well-structured codebase with proper package organization and error handling. Has test infrastructure (tests/__init__.py) but no visible test files or CI/CD. Missing type hints despite complex async operations. No changelog or version tracking visible. Uses Python 3.x with proper logging and middleware patterns. Security practices evident (SECURITY.md, OAuth 2.1 support, credential management). Lacking dependency management files (no requirements.txt/pyproject.toml visible), making it hard to assess dependency health. No CI configuration means no automated testing or quality gates. Overall: production-grade architecture and documentation, but missing modern Python tooling (typing, dependency management, CI/CD).

View source on GitHub →