Low
github · 154 files analyzed

nspady/google-calendar-mcp

Minor capabilities, nothing alarming.

Outbound network: 1
Environment variables (config / keys): 26
Filesystem writes: 3
Shell / command execution: 5
Sensitive credential files: 4

AI review

This is a legitimate Google Calendar MCP server implementation with standard OAuth2 authentication and no deceptive behavior. The flagged items are normal Node.js patterns for a CLI tool that spawns child processes, accesses environment variables, and manages local files—all expected for a calendar integration tool.

Model: deepseek-chat

Static findings

Environment variables (config / keys) · Reads environment variables (config / API keys)

low future_features/ARCHITECTURE_REDESIGN.md:102 locale: process.env.LANG || 'en-US'
low scripts/account-manager.js:63 const fullEnv = { ...process.env, ...env };
low scripts/dev.js:236 ...process.env,
low scripts/test-docker.sh:207 env: { ...process.env, NODE_ENV: 'test' }
low src/auth-server.ts:8 process.env.GOOGLE_ACCOUNT_MODE = args[0];
low src/auth/paths.js:17 if (process.env.GOOGLE_CALENDAR_MCP_TOKEN_PATH) {
low src/auth/tokenManager.ts:179 if (process.env.NODE_ENV !== 'test') {
low src/auth/utils.ts:37 const envCredentialsPath = process.env.GOOGLE_OAUTH_CREDENTIALS;
low src/config/TransportConfig.ts:31 type: (process.env.TRANSPORT as 'stdio' | 'http') || 'stdio',
low src/handlers/core/ManageAccountsHandler.ts:211 process.env.GOOGLE_ACCOUNT_MODE = normalizedId;
low src/index.ts:47 process.env.GOOGLE_ACCOUNT_MODE = accountId;
low src/server.ts:72 if (process.env.NODE_ENV === 'test') {

+ 14 more

Shell / command execution · Executes shell / system commands

medium scripts/account-manager.js:19 import { spawn } from 'child_process';
medium scripts/check-imports.js:25 'util', 'events', 'buffer', 'querystring', 'net', 'child_process',
medium scripts/dev.js:8 import { spawn } from 'child_process';
medium scripts/test-docker.sh:192 const { spawn } = require('child_process');
info src/tests/integration/docker-integration.test.ts:4 import { spawn, ChildProcess, exec } from 'child_process';

Filesystem writes · Reads or writes the filesystem

low scripts/account-manager.js:226 await fs.unlink(tokenPath);
low src/auth/tokenManager.ts:217 await fs.unlink(legacyPath);
info src/tests/integration/docker-integration.test.ts:256 await fs.unlink(composeOverridePath).catch(() => {});

Outbound network · Makes outbound network requests

low src/handlers/core/BatchRequestHandler.ts:62 const response = await fetch(this.batchEndpoint, {

Sensitive credential files · Reads sensitive credential files

info src/tests/unit/auth/accountValidation.test.ts:71 process.env.GOOGLE_ACCOUNT_MODE = '../../../etc/passwd';
info src/tests/unit/auth/multi-account.test.ts:82 '../../../etc/passwd': { // Invalid account ID
info src/tests/unit/handlers/BaseToolHandler-accounts.test.ts:76 expect(() => handler.getClientForAccount('../../../etc/passwd', accounts))
info src/tests/unit/handlers/ManageAccountsHandler.test.ts:219 const invalidIds = ['../../../etc/passwd', 'test@email', 'test space'];

MCPVet is a heuristic aid, not a security guarantee. A clean grade does not prove an extension is safe; always review code and instructions you don't trust.