by stape-io
MCP server for Google Tag Manager
# Add to your Claude Code skills
git clone https://github.com/stape-io/google-tag-manager-mcp-serverGuides for using mcp servers skills like google-tag-manager-mcp-server.
Last scanned: 5/30/2026
{
"issues": [
{
"type": "npm-audit",
"message": "@ai-sdk/gateway: Vulnerability found",
"severity": "low"
},
{
"type": "npm-audit",
"message": "@ai-sdk/provider-utils: @ai-sdk/provider-utils has an Uncontrolled Resource Consumption issue",
"severity": "low"
},
{
"type": "npm-audit",
"message": "@eslint/plugin-kit: @eslint/plugin-kit is vulnerable to Regular Expression Denial of Service attacks through ConfigCommentParser",
"severity": "low"
},
{
"type": "npm-audit",
"message": "@modelcontextprotocol/sdk: Anthropic's MCP TypeScript SDK has a ReDoS vulnerability",
"severity": "high"
},
{
"type": "npm-audit",
"message": "agents: Cloudflare Agents SDK has Insecure Direct Object Reference (IDOR) via Header-Based Email Routing",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "ai: Vulnerability found",
"severity": "low"
},
{
"type": "npm-audit",
"message": "ajv: ajv has ReDoS when using `$data` option",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "body-parser: body-parser is vulnerable to denial of service when url encoding is used",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "brace-expansion: brace-expansion Regular Expression Denial of Service vulnerability",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "defu: defu: Prototype pollution via `__proto__` key in defaults argument",
"severity": "high"
},
{
"type": "npm-audit",
"message": "diff: jsdiff has a Denial of Service vulnerability in parsePatch and applyPatch",
"severity": "low"
},
{
"type": "npm-audit",
"message": "eslint: Vulnerability found",
"severity": "low"
},
{
"type": "npm-audit",
"message": "flatted: flatted vulnerable to unbounded recursion DoS in parse() revive phase",
"severity": "high"
},
{
"type": "npm-audit",
"message": "gaxios: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "googleapis: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "googleapis-common: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "hono: Hono Improper Authorization vulnerability",
"severity": "high"
},
{
"type": "npm-audit",
"message": "js-yaml: js-yaml has prototype pollution in merge (<<)",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "jws: auth0/node-jws Improperly Verifies HMAC Signature",
"severity": "high"
},
{
"type": "npm-audit",
"message": "lodash: Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions",
"severity": "high"
},
{
"type": "npm-audit",
"message": "miniflare: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "minimatch: minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
"severity": "high"
},
{
"type": "npm-audit",
"message": "path-to-regexp: path-to-regexp vulnerable to Denial of Service via sequential optional groups",
"severity": "high"
},
{
"type": "npm-audit",
"message": "picomatch: Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching",
"severity": "high"
},
{
"type": "npm-audit",
"message": "qs: qs's arrayLimit bypass in comma parsing allows denial of service",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "undici: Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion",
"severity": "high"
},
{
"type": "npm-audit",
"message": "uuid: uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "wrangler: Wrangler affected by OS Command Injection in `wrangler pages deploy`",
"severity": "high"
},
{
"type": "npm-audit",
"message": "ws: ws: Uninitialized memory disclosure",
"severity": "medium"
}
],
"status": "WARNING",
"scannedAt": "2026-05-30T15:58:20.815Z",
"npmAuditRan": true,
"pipAuditRan": true
}google-tag-manager-mcp-server is an open-source mcp servers skill for AI coding assistants such as Claude Code, Codex CLI, and ChatGPT, built by stape-io. MCP server for Google Tag Manager. It has 181 GitHub stars.
google-tag-manager-mcp-server returned warnings in SkillsLLM's automated security scan. It has no critical vulnerabilities, but review the flagged issues in the Security Report section before adding it to your workflow.
Clone the repository with "git clone https://github.com/stape-io/google-tag-manager-mcp-server" and add it to your Claude Code skills directory (see the Installation section above).
google-tag-manager-mcp-server is primarily written in TypeScript. It is open-source under stape-io on GitHub, so you can review or fork the full source.
Yes. SkillsLLM lists many other MCP Servers skills you can browse and compare side by side. Open the MCP Servers category from the badge at the top of this page, or use the Related Skills and comparison links further down to weigh google-tag-manager-mcp-server against similar tools.
No comments yet. Be the first to share your thoughts!
Top skills in this category by stars
Requires a passing catalog security scan. Resolve the flagged issues and resubmit to enable featuring.
This is a server that supports remote MCP connections, with Google OAuth built-in and provides an interface to the Google Tag Manager API.
Open Claude Desktop and navigate to Settings -> Developer -> Edit Config. This opens the configuration file that controls which MCP servers Claude can access.
Replace the content with the following configuration. Once you restart Claude Desktop, a browser window will open showing your OAuth login page. Complete the authentication flow to grant Claude access to your MCP server. After you grant access, the tools will become available for you to use.
{
"mcpServers": {
"gtm-mcp-server": {
"command": "npx",
"args": [
"-y",
"mcp-remote",
"https://gtm-mcp.stape.ai/mcp"
]
}
}
}
MCP Server Name Length Limit
Some MCP clients (like Cursor AI) have a 60-character limit for the combined MCP server name + tool name length. If you use a longer server name in your configuration (e.g., gtm-mcp-server-your-additional-long-name), some tools may be filtered out.
To avoid this issue:
gtm-mcp-server)Clearing MCP Cache
mcp-remote stores all the credential information inside ~/.mcp-auth (or wherever your MCP_REMOTE_CONFIG_DIR points to). If you're having persistent issues, try running: You can run rm -rf ~/.mcp-auth to clear any locally stored state and tokens.
rm -rf ~/.mcp-auth
Then restarting your MCP client.