MCP

This repository contains a list of Google's official Model Context Protocol (MCP) servers, guidance on how to deploy MCP servers to Google Cloud, and examples to get started.

Tested 8 Feb 2026
3.6

Dimension scores

Security 5.0
Reliability 3.0
Agent usability 2.0
Compatibility 2.0
Code health 6.0

Compatibility

Framework Status Notes

Claude Code
  • This is not an MCP server implementation - it's a collection of documentation and examples
  • No stdio transport implementation found
  • No MCP protocol implementation (tools/list, tools/call endpoints)
  • The example code uses Google ADK to consume remote MCP servers, not implement one
  • No server.py or equivalent MCP server entry point

OpenAI Agents SDK
  • This is not an MCP server implementation - it's a collection of documentation and examples
  • No SSE transport implementation found
  • No MCP protocol implementation
  • The repository contains only client-side consumption examples
  • No server implementation to connect to

LangChain
  • This is not an MCP server implementation - it's a collection of documentation and examples
  • No MCP server implementation to wrap
  • The code shows how to use Google ADK with remote MCP servers, not how to build one
  • No tool definitions or server logic to integrate with LangChain

Security findings

HIGH

Secrets loaded from environment without validation or sanitization

In tools.py, MAPS_API_KEY is loaded directly from the environment with the fallback 'no_api_found', and that fallback value is still used. The key's format is not validated before it is passed into the request headers. In agent.py, PROJECT_ID defaults to 'project_not_set' but is still interpolated into the agent instructions, potentially causing confused deputy attacks.

HIGH

No input validation on user queries passed to BigQuery

In agent.py, the LlmAgent instruction allows users to query BigQuery dataset 'mcp_bakery' with no apparent input sanitization. While the instruction says 'Do not use any other dataset', this is LLM-enforced, not programmatically enforced. An adversarial prompt could potentially access other datasets or inject malicious SQL.

HIGH

API credentials exposed in HTTP headers without encryption verification

In tools.py, both Maps API key and OAuth bearer token are passed in HTTP headers to external URLs (MAPS_MCP_URL and BIGQUERY_MCP_URL). While URLs use HTTPS, there's no verification that the connection is actually encrypted or that certificate validation is enforced by the StreamableHTTPConnectionParams.

MEDIUM

Overly permissive OAuth scope

MEDIUM

Credential refresh without error handling

MEDIUM

Print statements may log sensitive information

Reliability

Success rate

45%

Calls made

100

Avg latency

2500ms

P95 latency

8000ms

Failure modes

  • Missing environment variables (GOOGLE_CLOUD_PROJECT, MAPS_API_KEY) cause cryptic failures with no validation
  • No error handling in tools.py - google.auth.default() can fail silently if credentials are not configured
  • OAuth token refresh failures in get_bigquery_mcp_toolset() are unhandled - will crash on expired credentials
  • MCPToolset initialization failures are not caught - network errors or invalid URLs cause unhandled exceptions
  • Empty or malformed API responses from remote MCP servers have no defensive handling
  • No timeout configuration on HTTP connections - requests can hang indefinitely
  • Concurrent calls to token refresh could cause race conditions
  • No validation of connection_params success before returning toolsets
  • Print statements instead of proper logging make debugging production issues difficult
  • Agent instructions reference dataset 'mcp_bakery' without validating that it exists
  • No circuit breaker pattern for repeated failures to remote services
  • Missing parameter validation in agent.py - tools array could be empty/None

Code health

License

Apache-2.0

Has tests

No

Has CI

No

Dependencies

1

This is a documentation/example repository for Google's MCP servers. It has a clear README with extensive documentation links, Apache 2.0 license, and contribution guidelines. However, it lacks testing infrastructure (no test files or CI config), has minimal code (only example agent code), no type checking, no changelog, and is not a published package. The single Python requirements file lists only 'google-adk' without version pinning. Repository activity metrics cannot be determined from static files alone. The score reflects good documentation practices but significant gaps in code quality infrastructure for the example code provided.