A security-hardened Google Workspace integration for Claude Code.
Hardened Google Workspace MCP
A security-hardened Google Workspace integration for Claude Code.
This is a fork of taylorwilsdon/google_workspace_mcp with dangerous operations removed to prevent data exfiltration via prompt injection attacks. See SECURITY.md for details.
What This Does
Enables Claude Code to interact with your Google Workspace:
- Gmail: Read emails, create drafts (cannot send)
- Google Drive: Read/create files (cannot share externally)
- Google Docs: Read and edit documents
- Google Sheets: Read and write spreadsheets
- Google Calendar: View and create events (cannot add attendees)
- Google Forms: Read and create forms
- Google Slides: Read and edit presentations
Why "Hardened"?
LLMs are vulnerable to prompt injection attacks—malicious instructions hidden in content the model processes. An attacker could embed instructions in an email or document that trick the AI into exfiltrating sensitive data.
This fork removes dangerous operations — both exfiltration vectors and destructive actions:
- No email sending - Claude can draft emails, but you must manually send them from Gmail
- No file sharing - Claude cannot share files with external users
- No filter creation - Claude cannot create auto-forwarding rules
- No event attendees - Claude cannot add attendees to calendar events (invitations could exfiltrate data)
- No file trashing - Claude cannot move Drive files to trash
- No email trashing - Claude cannot trash or spam-label emails
- Secure credential storage - OAuth tokens stored in your platform's native credential manager (macOS Keychain, Windows Credential Manager, or Linux SecretService/KWallet), not plaintext files
⚠️ This Reduces Risk, It Does NOT Eliminate It
Important: This hardening only affects the Google Workspace tools. Claude Code has access to many other tools that could be used for data exfiltration (web requests, file writes, code execution, other MCP servers).
You must stay vigilant:
- Always review tool calls before approving them
- Never disable permission prompts
- Be suspicious of unexpected web requests or file operations
- Monitor Claude's behavior when processing external content
See SECURITY.md for the complete security model and additional risks.
Prerequisites
- Claude Code installed on your machine
- A Google Workspace or personal Google account
- Python 3.11+ installed
Quick Start
Step 1: Create OAuth Credentials
Follow OAUTH_SETUP.md to create Google Cloud OAuth credentials.
Step 2: Clone and Install
git clone https://github.com/c0webster/hardened-google-workspace-mcp.git ~/hardened-google-workspace-mcp
cd ~/hardened-google-workspace-mcp
uv sync
Note: If you don't have
uvinstalled, run:curl -LsSf https://astral.sh/uv/install.sh | sh
Step 3: Configure Claude Code
Add the MCP server using claude mcp add:
claude mcp add hardened-workspace \
--scope user \
-e GOOGLE_OAUTH_CLIENT_ID="YOUR_CLIENT_ID" \
-e GOOGLE_OAUTH_CLIENT_SECRET="YOUR_CLIENT_SECRET" \
-- uv run --directory ~/hardened-google-workspace-mcp python -m main --single-user
Replace YOUR_CLIENT_ID and YOUR_CLIENT_SECRET with your OAuth credentials.
Or manually add to ~/.claude/mcp_config.json:
{
"mcpServers": {
"hardened-workspace": {
"command": "uv",
"args": ["run", "--directory", "/Users/YOUR_USERNAME/hardened-google-workspace-mcp", "python", "-m", "main", "--single-user"],
"env": {
"GOOGLE_OAUTH_CLIENT_ID": "YOUR_CLIENT_ID",
"GOOGLE_OAUTH_CLIENT_SECRET": "YOUR_CLIENT_SECRET"
}
}
}
}
Step 4: Authorize with Google
- Start (or restart) Claude Code
- The first time you use a Google Workspace tool, a browser window will open
- Sign in with your Google account
- Click "Allow" to grant permissions
For detailed instructions, see SETUP.md.
Example Prompts
Once set up, try these prompts in Claude Code:
List my recent emails from the past week
Read the document "Q4 Planning" from my Google Drive
Create a draft email to john@example.com about the meeting tomorrow
Show me what's on my calendar for next Monday
Update cell A1 in my "Budget 2025" spreadsheet to "Updated"
Troubleshooting
"OAuth credentials not found"
Make sure you've set the GOOGLE_OAUTH_CLIENT_ID and GOOGLE_OAUTH_CLIENT_SECRET environment variables in your MCP config.
"Permission denied" errors
- Delete the credentials folder:
rm -rf ~/.credentials/workspace-mcp/ - Restart Claude Code
- Re-authorize with your Google account
"Tool not found" errors
Make sure the MCP server is running. Check Claude Code's MCP status panel.
Browser doesn't open for authorization
If the browser doesn't open automatically, check the Claude C
Tools (7)
gmailRead emails and create drafts without the ability to send them.google-driveRead and create files with restrictions against external sharing.google-docsRead and edit Google Docs documents.google-sheetsRead and write Google Sheets spreadsheets.google-calendarView and create calendar events without adding attendees.google-formsRead and create Google Forms.google-slidesRead and edit Google Slides presentations.Environment Variables
GOOGLE_OAUTH_CLIENT_IDrequiredThe OAuth client ID from Google Cloud Console.GOOGLE_OAUTH_CLIENT_SECRETrequiredThe OAuth client secret from Google Cloud Console.Configuration
{"mcpServers": {"hardened-workspace": {"command": "uv", "args": ["run", "--directory", "/Users/YOUR_USERNAME/hardened-google-workspace-mcp", "python", "-m", "main", "--single-user"], "env": {"GOOGLE_OAUTH_CLIENT_ID": "YOUR_CLIENT_ID", "GOOGLE_OAUTH_CLIENT_SECRET": "YOUR_CLIENT_SECRET"}}}}