Model Context Protocol moderate risk

Googletasks

This MCP server bridges Claude to Google Tasks, enabling task list and task management via natural language, with persistent credentials and automatic token refresh.

Connections & Capabilities

Connects To

GCP

Capabilities

readwriteadmin

Quickstart

Install

npm install
```

Config

{
  "mcpServers": {
    "google-tasks": {
      "command": "node",
      "args": ["/path/to/google-tasks-mcp/build/index.js"],
      "env": {
        "GOOGLE_CLIENT_ID": "your_client_id_here",
        "GOOGLE_CLIENT_SECRET": "your_client_secret_here",
        "GOOGLE_REDIRECT_URI": "http://localhost:3000/oauth2callback"
      }
    }
  }
}

Exposed MCP Tools (15)

safe

list-tasklists

Lists all available task lists.

Read-only operation, no modification of data.

safe

get-tasklist

Retrieves details about a specific task list.

Read-only operation, no modification of data.

moderate

create-tasklist

Creates a new task list.

Creates new data, but does not modify existing data.

high

update-tasklist

Updates an existing task list.

Modifies existing data, potentially impacting organization.

critical

delete-tasklist

Deletes a task list.

Destructive operation, permanent data loss.

safe

list-tasks

Lists all tasks in a specified task list.

Read-only operation, no modification of data.

safe

get-task

Retrieves details about a specific task.

Read-only operation, no modification of data.

moderate

create-task

Creates a new task in a task list.

Creates new data, but does not modify existing data.

high

update-task

Updates an existing task.

Modifies existing data, potentially impacting workflow.

critical

delete-task

Deletes a task.

Destructive operation, permanent data loss.

moderate

complete-task

Marks a task as completed.

Modifies task status, but does not delete data.

high

move-task

Moves a task to a different position or task list.

Modifies task organization, potentially disrupting workflow.

critical

clear-completed-tasks

Deletes all completed tasks from a task list.

Destructive operation, permanent data loss of completed tasks.

safe

authenticate

Initiates the OAuth authentication flow to obtain authorization URL.

Generates a URL, does not directly access data.

moderate

set-auth-code

Sets the authorization code received after authentication to complete the OAuth flow.

Completes authentication, enabling access to data.

Safety Assessment

This server allows Claude to read, write, and delete Google Tasks. While it includes security measures like token storage protection and input validation, the ability to modify and delete tasks introduces moderate risk. It is safe to use if the host environment is secured and the user understands the permissions granted to the application.

Persistent token storage with restricted permissions
Automatic token refresh
Environment variable validation at startup
Input validation for all tools
HTML sanitization for OAuth callback

Requires Google Cloud project and API enablement
OAuth flow involves browser interaction
Stores credentials on disk, potential risk if the host is compromised
Write and delete operations are supported
No explicit sandboxing