google-tag-manager-mcp-server

Security Findings (34)

• HighRug-Pull (Post-Install Description Change)

  Tool set changed silently at v3.0.5: 29 tool(s) added, 8 tool(s) removed without a version bump.

  + 29 added

  GOOGLECALENDAR_ACL_PATCHGOOGLECALENDAR_CALENDARS_DELETEGOOGLECALENDAR_CALENDARS_UPDATEGOOGLECALENDAR_CALENDAR_LIST_INSERTGOOGLECALENDAR_CALENDAR_LIST_UPDATEGOOGLECALENDAR_CLEAR_CALENDARGOOGLECALENDAR_CREATE_EVENTGOOGLECALENDAR_DELETE_EVENTGOOGLECALENDAR_DUPLICATE_CALENDARGOOGLECALENDAR_EVENTS_INSTANCESGOOGLECALENDAR_EVENTS_LISTGOOGLECALENDAR_EVENTS_MOVEGOOGLECALENDAR_EVENTS_WATCHGOOGLECALENDAR_FIND_EVENTGOOGLECALENDAR_FIND_FREE_SLOTSGOOGLECALENDAR_FREE_BUSY_QUERYGOOGLECALENDAR_GET_CALENDARGOOGLECALENDAR_GET_CURRENT_DATE_TIMEGOOGLECALENDAR_LIST_ACL_RULESGOOGLECALENDAR_LIST_CALENDARSGOOGLECALENDAR_PATCH_CALENDARGOOGLECALENDAR_PATCH_EVENTGOOGLECALENDAR_QUICK_ADDGOOGLECALENDAR_REMOVE_ATTENDEEGOOGLECALENDAR_SETTINGS_LISTGOOGLECALENDAR_SETTINGS_WATCHGOOGLECALENDAR_SYNC_EVENTSGOOGLECALENDAR_UPDATE_ACL_RULEGOOGLECALENDAR_UPDATE_EVENT

  − 8 removed

  GOOGLE_MAPS_COMPUTE_ROUTE_MATRIXGOOGLE_MAPS_DISTANCE_MATRIX_APIGOOGLE_MAPS_GEOCODING_APIGOOGLE_MAPS_GET_DIRECTIONGOOGLE_MAPS_GET_ROUTEGOOGLE_MAPS_MAPS_EMBED_APIGOOGLE_MAPS_NEARBY_SEARCHGOOGLE_MAPS_TEXT_SEARCH

  Rule: AS-012Fix: The set of tools exposed by this server changed between scans of the same version — a sign the package was silently updated without a version bump. Audit the changelog and all tool definitions before trusting this server. Pin to a specific commit hash rather than a floating version tag.
• HighExcessive Permission Surface ×6

  • GOOGLECALENDAR_CALENDARS_UPDATE:tool declares exec permission
  • GOOGLECALENDAR_CREATE_EVENT:tool declares exec permission
  • GOOGLECALENDAR_FREE_BUSY_QUERY:tool declares network permission
  • GOOGLECALENDAR_PATCH_CALENDAR:tool declares exec permission
  • GOOGLECALENDAR_PATCH_EVENT:tool declares exec permission
  • GOOGLECALENDAR_UPDATE_EVENT:tool declares exec permission

  Rule: AS-002Fix: Tool requests broad permissions (exec/fs/network). Validate input parameters using Enums where possible, and restrict file system operations to explicit allowed directories.
• HighInsecure Secret Handling ×5

  • GOOGLECALENDAR_EVENTS_LIST:input parameter "syncToken" appears to accept a secret or credential
  • GOOGLECALENDAR_EVENTS_WATCH:input parameter "token" appears to accept a secret or credential
  • GOOGLECALENDAR_LIST_CALENDARS:input parameter "syncToken" appears to accept a secret or credential
  • GOOGLECALENDAR_SETTINGS_LIST:input parameter "syncToken" appears to accept a secret or credential
  • GOOGLECALENDAR_SETTINGS_WATCH:input parameter "token" appears to accept a secret or credential

  Rule: AS-010Fix: Avoid accepting raw credentials as input parameters. Use secret managers (e.g. 1Password CLI, AWS Secrets Manager) and ensure credentials are never logged or stored in agent traces.
• MediumExcessive Permission Surface ×9

  • GOOGLECALENDAR_CALENDAR_LIST_UPDATE:tool declares fs permission
  • GOOGLECALENDAR_CALENDARS_DELETE:tool declares fs permission
  • GOOGLECALENDAR_CALENDARS_UPDATE:tool declares fs permission
  • GOOGLECALENDAR_CREATE_EVENT:tool declares fs permission
  • GOOGLECALENDAR_DELETE_EVENT:tool declares fs permission
  • GOOGLECALENDAR_FIND_EVENT:tool declares db permission
  • GOOGLECALENDAR_REMOVE_ATTENDEE:tool declares fs permission
  • GOOGLECALENDAR_UPDATE_ACL_RULE:tool declares fs permission
  • GOOGLECALENDAR_UPDATE_EVENT:tool declares fs permission

  Rule: AS-002Fix: Tool requests broad permissions (exec/fs/network). Validate input parameters using Enums where possible, and restrict file system operations to explicit allowed directories.
• LowDoS Resilience — Missing Rate Limit / Timeout ×7

  • GOOGLECALENDAR_CALENDARS_UPDATE:tool performs network or execution operations but declares no rate-limit, timeout, or retry configuration
  • GOOGLECALENDAR_CREATE_EVENT:tool performs network or execution operations but declares no rate-limit, timeout, or retry configuration
  • GOOGLECALENDAR_EVENTS_WATCH:tool performs network or execution operations but declares no rate-limit, timeout, or retry configuration
  • GOOGLECALENDAR_FREE_BUSY_QUERY:tool performs network or execution operations but declares no rate-limit, timeout, or retry configuration
  • GOOGLECALENDAR_PATCH_CALENDAR:tool performs network or execution operations but declares no rate-limit, timeout, or retry configuration
  • GOOGLECALENDAR_PATCH_EVENT:tool performs network or execution operations but declares no rate-limit, timeout, or retry configuration
  • GOOGLECALENDAR_UPDATE_EVENT:tool performs network or execution operations but declares no rate-limit, timeout, or retry configuration

  Rule: AS-011Fix: Declare explicit rate-limit, timeout, and retry configuration for all network and execution tools. Implement exponential back-off and surface resource state to the calling agent.
• LowExcessive Permission Surface ×6

  • GOOGLECALENDAR_CREATE_EVENT:input schema exposes 23 properties (threshold: 10)
  • GOOGLECALENDAR_EVENTS_LIST:input schema exposes 19 properties (threshold: 10)
  • GOOGLECALENDAR_EVENTS_WATCH:tool declares http permission
  • GOOGLECALENDAR_FIND_EVENT:input schema exposes 11 properties (threshold: 10)
  • GOOGLECALENDAR_PATCH_EVENT:input schema exposes 14 properties (threshold: 10)
  • GOOGLECALENDAR_UPDATE_EVENT:input schema exposes 23 properties (threshold: 10)

  Rule: AS-002Fix: Tool requests broad permissions (exec/fs/network). Validate input parameters using Enums where possible, and restrict file system operations to explicit allowed directories.