by piotr-agier
A Model Context Protocol (MCP) server that provides secure integration with Google Drive, Docs, Sheets, Slides and Calendar. It allows Claude Desktop and other MCP clients to manage files in Google Drive through a standardized interface.
# Add to your Claude Code skills
git clone https://github.com/piotr-agier/google-drive-mcpGuides for using mcp servers skills like google-drive-mcp.
Last scanned: 5/30/2026
{
"issues": [
{
"type": "npm-audit",
"message": "@hono/node-server: @hono/node-server: Middleware bypass via repeated slashes in serveStatic",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "brace-expansion: brace-expansion: Zero-step sequence causes process hang and memory exhaustion",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "express-rate-limit: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "fast-uri: fast-uri vulnerable to path traversal via percent-encoded dot segments",
"severity": "high"
},
{
"type": "npm-audit",
"message": "flatted: Prototype Pollution via parse() in NodeJS flatted",
"severity": "high"
},
{
"type": "npm-audit",
"message": "gaxios: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "googleapis: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "googleapis-common: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "hono: Hono missing validation of cookie name on write path in setCookie()",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "ip-address: ip-address has XSS in Address6 HTML-emitting methods",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "path-to-regexp: path-to-regexp vulnerable to Denial of Service via sequential optional groups",
"severity": "high"
},
{
"type": "npm-audit",
"message": "picomatch: Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching",
"severity": "high"
},
{
"type": "npm-audit",
"message": "qs: qs has a remotely triggerable DoS: qs.stringify crashes with TypeError on null/undefined entries in comma-format arrays when encodeValuesOnly is set",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "uuid: uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided",
"severity": "medium"
}
],
"status": "WARNING",
"scannedAt": "2026-05-30T16:01:18.241Z",
"npmAuditRan": true,
"pipAuditRan": true
}google-drive-mcp is an open-source mcp servers skill for AI coding assistants such as Claude Code, Codex CLI, and ChatGPT, built by piotr-agier. A Model Context Protocol (MCP) server that provides secure integration with Google Drive, Docs, Sheets, Slides and Calendar. It allows Claude Desktop and other MCP clients to manage files in Google Drive through a standardized interface. It has 180 GitHub stars.
google-drive-mcp returned warnings in SkillsLLM's automated security scan. It has no critical vulnerabilities, but review the flagged issues in the Security Report section before adding it to your workflow.
Clone the repository with "git clone https://github.com/piotr-agier/google-drive-mcp" and add it to your Claude Code skills directory (see the Installation section above).
google-drive-mcp is primarily written in TypeScript. It is open-source under piotr-agier on GitHub, so you can review or fork the full source.
Yes. SkillsLLM lists many other MCP Servers skills you can browse and compare side by side. Open the MCP Servers category from the badge at the top of this page, or use the Related Skills and comparison links further down to weigh google-drive-mcp against similar tools.
No comments yet. Be the first to share your thoughts!
Top skills in this category by stars
Requires a passing catalog security scan. Resolve the flagged issues and resubmit to enable featuring.
A Model Context Protocol (MCP) server that provides secure integration with Google Drive, Docs, Sheets, Slides, and Calendar. It allows Claude Desktop and other MCP clients to manage files in Google Drive and calendar events through a standardized interface.
/Work/Projects)This MCP server enables powerful file management workflows through natural language:
Create a new Google Doc called "Project Plan" in the folder /Work/Projects
with an outline for our Q1 initiatives including milestones and deliverables.
Search for files containing "budget" and organize them by moving each one
to the appropriate folder in your Drive hierarchy.
Create a Google Sheet called "Sales Analysis 2024" with columns for Date, Product,
Quantity, and Revenue to track your sales data.
Create a presentation called "Product Roadmap" with slides outlining
our Q1 milestones, key features, and timeline.
Update the "Team Contacts" spreadsheet with new employee information
by modifying specific cells or ranges with the provided data.
Search for documents in the /Reports folder and create a summary
document listing the files you found.
Create a Templates folder and add standard documents like
a Meeting Notes template, Project Proposal template,
and Budget Spreadsheet template.
./auth/drive.file.../auth/documents.../auth/spreadsheets.../auth/presentations.../auth/drive.../auth/drive.readonly.../auth/calendar.../auth/calendar.eventsgcp-oauth.keys.jsonYou can run the server directly without installation:
# Run the server (authentication happens automatically on first run)
npx @piotr-agier/google-drive-mcp
# Optional: Run authentication manually if needed
npx @piotr-agier/google-drive-mcp auth
Clone and install:
git clone https://github.com/piotr-agier/google-drive-mcp.git
cd google-drive-mcp
npm install
Set up credentials:
# Copy the example file
cp gcp-oauth.keys.example.json gcp-oauth.keys.json
# Edit gcp-oauth.keys.json with your OAuth client ID
Authenticate (optional):
npm run auth
Note: Authentication happens automatically on first run of an MCP client if you skip this step.
Authenticate locally first - Docker containers cannot open browsers for OAuth:
# Using npx
npx @piotr-agier/google-drive-mcp auth
# Or using local installation
npm run auth
Verify token location:
ls -la ~/.config/google-drive-mcp/tokens.json
Build the project (required before Docker build):
npm install
npm run build
Build the Docker image:
docker build -t google-drive-mcp .
The scripts/docker-mcp.sh wrapper manages the container lifecycle — it creates, reuses, and replaces containers automatically. MCP clients invoke this script directly (see configuration below).
To verify the image works after a rebuild:
docker run --rm google-drive-mcp --help
Uses a wrapper script that keeps a single named container running and reuses it across client restarts — faster startup and no container churn:
{
"mcpServers": {
"google-drive": {
"command": "/path/to/google-drive-mcp/scripts/docker-mcp.sh",
"env": {
"GOOGLE_DRIVE_OAUTH_CREDENTIALS": "$HOME/gcp-oauth.keys.json",
"GOOGLE_DRIVE_MCP_TOKEN_PATH": "$HOME/.config/google-drive-mcp/tokens.json"
}
}
}
}
The script will:
Note: The container stays running in the background until explicitly stopped.
To stop it: docker stop google-drive-mcp
Creates and removes a new container on every client restart:
{
"mcpServers": {
"google-drive": {
"command": "docker",
"args": [
"run",
"-i",
"--rm",
"-v",
"/path/to/gcp-oauth.keys.json:/config/gcp-oauth.keys.json:ro",
"-v",
"/Users/yourname/.config/google-drive-mcp/tokens.json:/config/tokens.json",
"google-drive-mcp"
]
}
}
}
Docker-specific notes:
-i for interactive mode (required for MCP stdio communication)--rm to automatically remove the container after exitThe server supports multiple methods for providing OAuth credentials (in order of priority):
export GOOGLE_DRIVE_OAUTH_CREDENTIALS="/path/to/your/gcp-oauth.keys.json"
Place gcp-oauth.keys.json in the XDG config directory:
~/.config/google-drive-mcp/gcp-oauth.keys.json
This is the recommended location — it works reliably with npx, global installs, and local setups.
Place gcp-oauth.keys.json in the project root directory. This still works for local development but is unreliable with npx or global installs.
By default, the server requests a broad scope set for Drive/Docs/Sheets/Slides/Calendar. You can override requested scopes with:
export GOOGLE_DRIVE_MCP_SCOPES="drive.readonly,documents,spreadsheets"
Notes:
drive, drive.file, drive.readonly, documents, spreadsheets, presentations, calendar, calendar.events.During OAuth authentication, a local HTTP server is started to receive the callback. By default it tries ports 3000–3004. If those conflict with other services (e.g., a dev server), you can change the starting port:
export GOOGLE_DRIVE_MCP_AUTH_PORT=3100
The server will try 5 consecutive ports starting from the configured value (e.g., 3100–3104).
The callback server binds to the loopback interface and the OAuth redirect URI uses the loopback IP — http://127.0.0.1:<port>/oauth2callback (default range 127.0.0.1:3000–127.0.0.1:3004). Desktop app OAuth clients (the recommended type — see Create OAuth 2.0 Credentials) accept any loopback redirect automatically and need no action. If you instead use a Web application OAuth client, you must register http://127.0.0.1:<port>/oauth2callback for every port in the range as an authorized redirect URI in Google Cloud Console, or authenticati