Is Google Appscript Mcp Server safe to use?

Google Appscript Mcp Server has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.

How do I install Google Appscript Mcp Server?

Google Appscript Mcp Server supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.

What can Google Appscript Mcp Server do?

Google Appscript Mcp Server provides 16 tools: createScriptProject, getScriptProject, updateScriptProject, getScriptContent, updateScriptContent and 11 more. See the full tools list on the server page for descriptions and parameters.

What AI clients work with Google Appscript Mcp Server?

Google Appscript Mcp Server is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.

Is Google Appscript Mcp Server actively maintained?

Google Appscript Mcp Server is recently maintained — last commit was 31 days ago. It has 44 GitHub stars.

Google Appscript Mcp Server

Name: Google Appscript Mcp Server
Author: mohalmah

node-fetch · by mohalmah

44 144.9M/wk 16 tools GitHub npm

No known CVEs

No license

Maintained

Last commit 31d ago

Works with most clients

Transport: stdio, sse, http

16 tools · ~1.4k tok

Grade B · 0.7% of 200K ctx

Edit this pageView history

Productivity Developer Tools

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, sse, http · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "google-apps-script": {
      "env": {
        "GOOGLE_APP_SCRIPT_API_CLIENT_ID": "your_client_id_here",
        "GOOGLE_APP_SCRIPT_API_CLIENT_SECRET": "your_client_secret_here"
      },
      "args": [
        "<absolute_path_to_mcpServer.js>"
      ],
      "command": "<absolute_path_to_node_executable>"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/google-appscript-mcp-server)](https://mcppedia.org/s/google-appscript-mcp-server)

Read me

What Google Appscript Mcp Server does

Author: mohalmah Repository: google-apps-script-mcp-server

Test This Server

Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.

npx -y 'node-fetch' 2>&1 | head -1 && echo "✓ Server started successfully"

After testing, let us know if it worked:

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

84/100across 5 weighted dimensions

How we score →

0255075100

−16

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

3 fixed

CVE-2022-2596low · fixedCVSS 3.1

node-fetch Inefficient Regular Expression Complexity

[node-fetch](https://www.npmjs.com/package/node-fetch) is a light-weight module that brings window.fetch to node.js. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in the `isOriginPotentiallyTrustworthy()` function in `referrer.js`, when processing a URL string with alternating letters and periods, such as `'http://' + 'a.a.'.repeat(i) + 'a'`.

Affected: >= 3.0.0Fixed in 3.2.10source →

CVE-2022-0235low · fixedCVSS 3

node-fetch forwards secure headers to untrusted sites

node-fetch forwards secure headers such as `authorization`, `www-authenticate`, `cookie`, & `cookie2` when redirecting to a untrusted site.

Affected: >= 3.0.0Fixed in 3.1.1source →

CVE-2020-15168low · fixedCVSS 3.1

The `size` option isn't honored after following a redirect in node-fetch

### Impact Node Fetch did not honor the `size` option after following a redirect, which means that when a content size was over the limit, a `FetchError` would never get thrown and the process would end without failure. For most people, this fix will have a little or no impact. However, if you are relying on node-fetch to gate files above a size, the impact could be significant, for example: If you don't double-check the size of the data after `fetch()` has completed, your JS thread could get t

Affected: >= 2.0.0Fixed in 2.6.1source →

Inventory

Tools (16)

Click any tool to inspect its schema.

~1.4k tokens total

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Google Appscript Mcp Server safe to use?: Google Appscript Mcp Server has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install Google Appscript Mcp Server?: Google Appscript Mcp Server supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What can Google Appscript Mcp Server do?: Google Appscript Mcp Server provides 16 tools: createScriptProject, getScriptProject, updateScriptProject, getScriptContent, updateScriptContent and 11 more. See the full tools list on the server page for descriptions and parameters.
What AI clients work with Google Appscript Mcp Server?: Google Appscript Mcp Server is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.
Is Google Appscript Mcp Server actively maintained?: Google Appscript Mcp Server is recently maintained — last commit was 31 days ago. It has 44 GitHub stars.

Similar servers

Others in productivity / developer-tools

View all →

Memory MCP Server98

Persistent memory using a knowledge graph

86.4k 5

Sequential Thinking MCP Server98

Dynamic problem-solving through sequential thought chains

86.4k 1

XcodeBuildMCP97

A Model Context Protocol (MCP) server and CLI that provides tools for agent use when working on iOS and macOS projects.

5.8k 2

XcodeBuildMCP97

XcodeBuildMCP provides tools for Xcode project management, simulator management, and app utilities.

5.8k 1

MCP Security Weekly

Get CVE alerts and security updates for Google Appscript Mcp Server and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Edit this pageView history

Productivity Developer Tools

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, sse, http · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "google-apps-script": {
      "env": {
        "GOOGLE_APP_SCRIPT_API_CLIENT_ID": "your_client_id_here",
        "GOOGLE_APP_SCRIPT_API_CLIENT_SECRET": "your_client_secret_here"
      },
      "args": [
        "<absolute_path_to_mcpServer.js>"
      ],
      "command": "<absolute_path_to_node_executable>"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/google-appscript-mcp-server)](https://mcppedia.org/s/google-appscript-mcp-server)

Read me

What Google Appscript Mcp Server does

Author: mohalmah Repository: google-apps-script-mcp-server

Test This Server

Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.

npx -y 'node-fetch' 2>&1 | head -1 && echo "✓ Server started successfully"

After testing, let us know if it worked:

README

Google Apps Script MCP Server

Author: mohalmah
License: MIT License
Repository: google-apps-script-mcp-server

Welcome to the Google Apps Script MCP (Model Context Protocol) Server! 🚀

This MCP server provides comprehensive integration with the Google Apps Script API, allowing you to manage script projects, deployments, versions, and executions through any MCP-compatible client like Claude Desktop, VS Code with Cline, or Postman.

🌟 Overview

This MCP server enables seamless interaction with Google Apps Script through:

✅ OAuth 2.0 Authentication - Secure token management with automatic refresh
✅ 16 Comprehensive Tools - Complete Google Apps Script API coverage
✅ MCP Protocol Compliance - Works with Claude Desktop, VS Code, and other MCP clients
✅ Secure Token Storage - OS-specific secure storage for refresh tokens
✅ Auto Token Refresh - Handles token expiration automatically
✅ Detailed Logging - Comprehensive error handling and debugging

🎥 Demo Video

Watch the Google Apps Script MCP Server in action - creating projects, managing deployments, and executing scripts through VS Code AI Agent.

🚀 Features

Core Capabilities

Project Management: Create, retrieve, and update Google Apps Script projects
Deployment Management: Create, list, update, and delete script deployments
Version Control: Create and manage script versions
Content Management: Get and update script content and files
Process Monitoring: List and monitor script execution processes
Metrics Access: Retrieve script execution metrics and analytics
Script Execution: Run Google Apps Script functions remotely

Security Features

OAuth 2.0 Flow: Full Google OAuth implementation
Secure Token Storage: Refresh tokens stored in OS keychain/credential manager
Automatic Token Refresh: No manual token management required
Environment Variable Support: Secure credential configuration

⚙️ Prerequisites

Before starting, ensure you have:

Node.js (v18+ required, v20+ recommended) - Download here
npm (included with Node.js)
Google Account with access to Google Cloud Console
Git (for cloning the repository)

🚀 Quick Start Guide

1. Clone the Repository

git clone https://github.com/mohalmah/google-apps-script-mcp-server.git
cd google-apps-script-mcp-server

2. Install Dependencies

npm install

3. Set Up Google Cloud OAuth

Follow the detailed OAuth setup guide below.

4. Run OAuth Setup

npm run setup-oauth

5. Test the Server

npm start

1.1 MCP config for Node.js

Edit your claude_desktop_config.json file:

Windows: %APPDATA%\Claude\claude_desktop_config.json
macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
Linux: ~/.config/Claude/claude_desktop_config.json



... [View full README on GitHub](https://github.com/mohalmah/google-appscript-mcp-server#readme)

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

84/100across 5 weighted dimensions

How we score →

0255075100

−16

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

3 fixed

CVE-2022-2596low · fixedCVSS 3.1

node-fetch Inefficient Regular Expression Complexity

Affected: >= 3.0.0Fixed in 3.2.10source →

CVE-2022-0235low · fixedCVSS 3

node-fetch forwards secure headers to untrusted sites

node-fetch forwards secure headers such as `authorization`, `www-authenticate`, `cookie`, & `cookie2` when redirecting to a untrusted site.

Affected: >= 3.0.0Fixed in 3.1.1source →

CVE-2020-15168low · fixedCVSS 3.1

The `size` option isn't honored after following a redirect in node-fetch

Affected: >= 2.0.0Fixed in 2.6.1source →

Inventory

Tools (16)

Click any tool to inspect its schema.

~1.4k tokens total

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Google Appscript Mcp Server safe to use?: Google Appscript Mcp Server has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install Google Appscript Mcp Server?: Google Appscript Mcp Server supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What can Google Appscript Mcp Server do?: Google Appscript Mcp Server provides 16 tools: createScriptProject, getScriptProject, updateScriptProject, getScriptContent, updateScriptContent and 11 more. See the full tools list on the server page for descriptions and parameters.
What AI clients work with Google Appscript Mcp Server?: Google Appscript Mcp Server is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.
Is Google Appscript Mcp Server actively maintained?: Google Appscript Mcp Server is recently maintained — last commit was 31 days ago. It has 44 GitHub stars.