google-workspace-mcp

A Model Context Protocol (MCP) server that provides authenticated access to Google Workspace APIs, offering integrated Authentication, Gmail, Calendar, and Drive functionality.

Repository | 97 stars | Last scanned: 9/14/2025
7/10
HIGH RISK
Threat Matrix - SAFE-MCP Framework

| Tactic | ID | Score | Detected technique |
|---|---|---|---|
| Initial Access | ATK-TA0001 | 5/10 | SAFE-T1002 OAuth Misconfiguration |
| Execution | ATK-TA0002 | 3/10 | |
| Persistence | ATK-TA0003 | 2/10 | |
| Privilege Escalation | ATK-TA0004 | 1/10 | |
| Defense Evasion | ATK-TA0005 | 2/10 | |
| Credential Access | ATK-TA0006 | 6/10 | |
| Discovery | ATK-TA0007 | 4/10 | |
| Lateral Movement | ATK-TA0008 | 1/10 | |
| Collection | ATK-TA0009 | 5/10 | |
| Command & Control | ATK-TA0011 | 1/10 | |
| Exfiltration | ATK-TA0010 | 5/10 | |
| Impact | ATK-TA0040 | 10/10 | SAFE-T1001 Tool Poisoning |

Risk Levels:
Critical (7-10)
High (5-6)
Medium (3-4)
Low (1-2)
2 techniques detected across 2 tactics
AI-Enhanced Risk Scenarios

Critical Attack Paths (4)

OAuth Client Secret Exposure Leading to Unauthorized Access
high likelihood, major impact
1. Attacker discovers the exposed OAuth client secret in `config/gauth.example.json`.
2. Attacker uses the client secret to request OAuth tokens from Google's OAuth 2.0 server.
+1 more steps
Localhost Redirect URI Interception
medium likelihood, moderate impact
1. Attacker runs a malicious application on the same machine as the victim.
2. Victim initiates an OAuth flow with `redirect_uri` set to `http://localhost:8080`.
+1 more steps
Insecure Docker Configuration Leading to Code Execution
high likelihood, major impact
1. Attacker gains access to the Docker host running the application.
2. Attacker modifies `smithery.yaml` to mount sensitive directories into the container.
+1 more steps

0 Critical, 2 High, 2 Medium, 1 Low

Exposed OAuth Client Secret (HIGH)

The `gauth.example.json` file contains a placeholder client secret. If the example configuration is used in production without modification, it exposes the application to potential OAuth attacks.

Localhost Redirect URI in OAuth (MEDIUM)

The `redirect_uri` in `gauth.example.json` is set to `http://localhost:8080`. This is insecure as malicious applications running on the same machine can intercept the OAuth code.

Insecure Volume Mount in Docker (HIGH)

The `smithery.yaml` file uses a `docker run` command with a volume mount that exposes the configuration directory to the container. This can allow an attacker to modify the configuration files and potentially gain control of the application.

Example Accounts with Placeholder Credentials (MEDIUM)

The `accounts.example.json` file contains example accounts with placeholder access and refresh tokens. If used in production, this allows unauthorized access to the example account.

Dependency on uuid@11.1.0 (LOW)

The project depends on `uuid@11.1.0`. While this version may not have known critical vulnerabilities, it is unusual to depend on version 11 of a package when the current major version is much lower. This could indicate a typo or misunderstanding in dependency management.