Tracked packageView full profile for google_workspace_mcp →

MCPSafe.io

Security pre-install checks for MCP servers.

Mostly safe — a couple of notes worth reading.

Compare to another server

github · google_workspace_mcpHEAD

Item: google_workspace_mcp
Rating: 4
Author: MCPSafe

Scanned 5/3/2026, 7:26:23 PM·Cached result·Fast Scan·45 rules·How we decide ↗

AIVSS Score

3.8/ 10

Low

Severity Breakdown

critical

high

medium

low

MCP Server Information

Packagegoogle_workspace_mcp

VersionHEAD

SourceGITHUB

LicenseMIT

Publishertaylorwilsdon

Package age1y 0m

Stars2.3K

Downloads/wk—

Dependencies0

Homepagehttps://workspacemcp.com

Repositoryhttps://github.com/taylorwilsdon/google_workspace_mcp

Findings

Showing 1–30 of 45 findings

high (4)

medium (19)

low (7)

«‹

45 findings

high (4)

AIVSS 3.8CVSS 5.5

XML parser configured without entity expansion disabled. XXE (XML external entity) attacks can read local files, exfiltrate data, and cause SSRF when the parser resolves external entities.

Evidence

for member in targets:
                try:
                    xml_content = zf.read(member)
                    xml_root = ET.fromstring(xml_content)
                    member_texts: List[str] = []

                    if (

Remediation

Use defusedxml in Python (drop-in replacement for stdlib XML modules). In Java, set XMLConstants.FEATURE_SECURE_PROCESSING=true and disable external-DTD features on the factory before parsing.

368	for member in targets:
369	try:
370	xml_content = zf.read(member)
371	xml_root = ET.fromstring(xml_content)
372	member_texts: List[str] = []
373
374	if (

338	# Attempt to parse sharedStrings.xml for Excel files
339	try:
340	shared_strings_xml = zf.read("xl/sharedStrings.xml")
341	shared_strings_root = ET.fromstring(shared_strings_xml)
342	for si_element in shared_strings_root.findall(
343	f"{{{ns_excel_main}}}si"
344	):

1295	if credentials and credentials.id_token:
1296	try:
1297	# Decode without verification (just to get email for logging)
1298	decoded_token = jwt.decode(
1299	credentials.id_token, options={"verify_signature": False}
1300	)
1301	token_email = decoded_token.get("email")
1302	if token_email:

139	user_email = None
140	if credentials and credentials.id_token:
141	try:
142	decoded_token = jwt.decode(
143	credentials.id_token, options={"verify_signature": False}
144	)
145	user_email = decoded_token.get("email")
146	except Exception as e:

145	except Exception as e:
146	logger.error(f"Failed to update {section_type}: {str(e)}")
147	return False, f"Failed to update {section_type}: {str(e)}"
148
149	async def _get_document(self, document_id: str) -> dict[str, Any]:
150	"""Get the full document data."""

960	image_uri = f"https://drive.google.com/uc?id={image_source}"
961	source_description = f"Drive file {file_metadata.get('name', image_source)}"
962	except Exception as e:
963	return f"Error: Could not access Drive file {image_source}: {str(e)}"
964	else:
965	image_uri = image_source
966	source_description = "URL image"

439	except Exception as e:
440	logger.error(f"Failed to get header/footer info: {str(e)}")
441	return {"error": str(e)}
442
443	def _extract_section_info(self, section_data: dict[str, Any]) -> dict[str, Any]:
444	"""Extract useful information from a header/footer section."""

373	)
374
375	except Exception as e:
376	return False, f"Failed to populate existing table: {str(e)}", {}
377
378	async def _populate_existing_table_cells_batch(
379	self,

2040	return f"Successfully exported '{original_name}' to PDF and saved to Drive as '{pdf_filename}' (ID: {pdf_file_id}, {pdf_size:,} bytes){folder_info}. PDF: {pdf_web_link} \| Original: {web_view_link}"
2041
2042	except Exception as e:
2043	return f"Error: Failed to upload PDF to Drive: {str(e)}. PDF was generated successfully ({pdf_size:,} bytes) but could not be saved to Drive."
2044
2045
2046	# ==============================================================================

419	except Exception as e:
420	logger.error(f"[run_script_function] Execution error: {str(e)}")
421	return f"Execution failed\nFunction: {function_name}\nError: {str(e)}"
422
423
424	@server.tool(

1959	.execute
1960	)
1961	except Exception as e:
1962	return f"Error: Could not access document {document_id}: {str(e)}"
1963
1964	mime_type = file_metadata.get("mimeType", "")
1965	original_name = file_metadata.get("name", "Unknown Document")

103	except Exception as e:
104	error_message_detail = f"Error processing OAuth callback: {str(e)}"
105	logger.error(error_message_detail, exc_info=True)
106	return create_server_error_response(str(e))
107
108	def _setup_attachment_route(self):
109	"""Setup the attachment serving route."""

663	return create_success_response(verified_user_id)
664	except Exception as e:
665	logger.error(f"Error processing OAuth callback: {str(e)}", exc_info=True)
666	return create_server_error_response(str(e))
667
668
669	@server.tool(

1988	pdf_size = len(pdf_content)
1989
1990	except Exception as e:
1991	return f"Error: Failed to export document to PDF: {str(e)}"
1992
1993	# Determine PDF filename
1994	if not pdf_filename:

109	except Exception as e:
110	logger.error(f"Failed to create and populate table: {str(e)}")
111	return False, f"Table creation failed: {str(e)}", {}
112
113	async def _create_empty_table(
114	self,

277	\| file_name \| string \| yes \| \| Name for the new Google Doc \|
278	\| content \| any \| no \| \| Text content for MD, TXT, HTML \|
279	\| file_path \| any \| no \| \| Local file path for DOCX, ODT, etc. Supports `file://` URLs \|
280	\| file_url \| any \| no \| \| Remote URL to fetch (http/https) \|
281	\| source_format \| any \| no \| (auto-detect) \| `md`, `markdown`, `docx`, `txt`, `html`, `rtf`, `odt` \|
282	\| folder_id \| string \| no \| root \| Parent folder ID \|

35	"""Result of saving an attachment: provides both the UUID and the absolute file path."""
36
37	file_id: str
38	path: str
39
40
41	class AttachmentStorage:
42	"""Manages temporary storage of email attachments."""

45	needs: [autofix]
46	runs-on: ubuntu-latest
47	steps:
48	- uses: actions/checkout@v6
49	- uses: actions/setup-python@v6
50	with:
51	python-version: '3.11'

88	twine check dist/*
89
90	- name: Publish package to PyPI
91	uses: pypa/gh-action-pypi-publish@release/v1
92	with:
93	skip-existing: true

16	with:
17	python-version: '3.11'
18	- name: Install uv
19	uses: astral-sh/setup-uv@v7
20	- name: Install dependencies
21	run: uv sync --extra test --frozen
22	- name: Run pytest

27	steps:
28	- name: Checkout repository
29	uses: actions/checkout@v6
30
31	- name: Set up Docker Buildx
32	uses: docker/setup-buildx-action@v3

16	permissions:
17	contents: write
18	steps:
19	- uses: actions/checkout@v6
20	with:
21	ref: ${{ github.event.pull_request.head.ref }}
22	token: ${{ secrets.GITHUB_TOKEN }}

42	- name: Extract metadata (tags, labels) for Docker
43	id: meta
44	uses: docker/metadata-action@v5
45	with:
46	images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
47	tags: \|

15	steps:
16	- name: Check if maintainer edits are enabled
17	uses: actions/github-script@v7
18	with:
19	script: \|
20	const { data: pr } = await github.rest.pulls.get({

github · google_workspace_mcpHEAD

high (4)

medium (19)

low (7)

high (4)

medium (34)

low (7)

LLM summary— google_workspace_mcp:HEAD

Signal scores

LLM judge panel

CVE check

Community trust

Scan details

MCP Server Information

Run this exact engine on your private repo — before users see it on /scan.

high (4)

medium (19)

low (7)

high (4)

medium (34)

low (7)

Severity breakdown

19	uses: actions/checkout@v6
20
21	- name: Set up Python
22	uses: actions/setup-python@v6
23	with:
24	python-version: "3.11"

16	id-token: write
17	steps:
18	- name: Checkout
19	uses: actions/checkout@v6
20
21	- name: Set up Python
22	uses: actions/setup-python@v6

55	type=raw,value=latest,enable={{is_default_branch}}
56
57	- name: Build and push Docker image
58	uses: docker/build-push-action@v6
59	with:
60	context: .
61	push: ${{ github.event_name != 'pull_request' }}

34	- name: Log in to GitHub Container Registry
35	if: github.event_name != 'pull_request'
36	uses: docker/login-action@v3
37	with:
38	registry: ${{ env.REGISTRY }}
39	username: ${{ github.actor }}

771	return self.get_credentials(requested_user_email)
772
773	# Check if this is an MCP session
774	mcp_user = self._mcp_session_mapping.get(session_id)
775	if mcp_user:
776	if mcp_user != requested_user_email:
777	logger.error(

40	Set or clear the FastMCP session ID for the current request context.
41	This is called when a FastMCP request starts.
42	"""
43	_fastmcp_session_id.set(session_id)

759	# Priority 2: Check session binding
760	if session_id:
761	bound_user = self._session_auth_binding.get(session_id)
762	if bound_user:
763	if bound_user != requested_user_email:
764	logger.error(

347	store = get_oauth21_session_store()
348	if store.has_session(authenticated_user):
349	return "oauth21"
350	except (ImportError, AttributeError, RuntimeError):
351	pass # Fall back to OAuth 2.0 if session check fails
352
353	# For public clients in OAuth 2.1 mode, we require PKCE
354	# But since they didn't send PKCE, fall back to OAuth 2.0

263	logger.info(
264	f"Minimal OAuth server started on {hostname}:{self.port}"
265	)
266	return True, ""
267	except Exception:
268	pass
269	time.sleep(0.1)
270
271	error_msg = f"Failed to start minimal OAuth server on {hostname}:{self.port} - server did not respond within {max_wait}s"

385	doc = await self._get_document(document_id)
386	return self._resolve_section_id_from_styles(
387	doc, section_type, header_footer_type
388	)
389	except Exception:
390	pass
391	logger.error(f"Failed to create missing {section_type}: {str(e)}")
392	return None