Model Context Protocol moderate risk

Google Calendar

This MCP server allows Claude to interact with Google Calendar, enabling users to manage events, authenticate, and switch accounts via natural language.

Connections & Capabilities

Connects To

GitHubGCP

Capabilities

readwrite

Quickstart

Install

npx @takumi0706/google-calendar-mcp@1.0.7

Config

{
  "mcpServers": {
    "google-calendar": {
      "command": "npx",
      "args": [
        "-y",
        "@takumi0706/google-calendar-mcp"
      ],
      "env": {
        "GOOGLE_CLIENT_ID": "your_client_id",
        "GOOGLE_CLIENT_SECRET": "your_client_secret",
        "GOOGLE_REDIRECT_URI": "http://localhost:4153/oauth2callback"
      }
    }
  }
}

Exposed MCP Tools (5)

safe

getEvents

Retrieves calendar events based on specified criteria like date range and maximum results.

Read-only operation, no modification of calendar data.

moderate

createEvent

Creates a new event in the user's Google Calendar.

Adds new data to the calendar, but doesn't modify existing events without explicit instruction.

high

updateEvent

Modifies an existing event in the user's Google Calendar.

Changes existing calendar data, potentially leading to data loss or corruption if used incorrectly.

critical

deleteEvent

Deletes an event from the user's Google Calendar.

Destructive operation that permanently removes calendar data.

safe

authenticate

Re-authenticates with Google Calendar, allowing switching between accounts.

Re-establishes authentication, but does not directly modify calendar data.

Safety Assessment

This MCP server offers moderate safety due to its OAuth2 authentication and token encryption. However, the ability to create, update, and delete calendar events introduces risks if the server is misconfigured or credentials are compromised. It is safe when properly configured with strong environment variable management and used within the intended Claude Desktop environment. It is risky if exposed to unauthorized access or used with weak credentials.

OAuth2 authentication for secure access to Google Calendar
Token encryption using AES-256-GCM for secure storage
PKCE implementation for enhanced OAuth security
Input validation with Zod schema to prevent injection attacks
State parameter validation for CSRF protection

Requires Google OAuth credentials, which if compromised, could lead to unauthorized calendar access.
Write operations (create, update, delete) can modify user's calendar data.
No explicit rate limiting mentioned for API endpoint protection.
Relies on environment variables for sensitive credentials, which need secure management.
If not configured correctly, the server could expose the Google Calendar to unintended modifications.