// SCAN REPORT

Google Cloud MCP Server

40 tools. 4 can modify or destroy data without limits.

4 write tools that can modify data. Rate limits recommended.

Last updated: 11 Jun 2026

4 can modify or destroy data

36 read-only

40 tools total

Community server · catalogue entry verified 11/06/2026

How to control Google Cloud MCP Server ↓

TOOL MAP

What Google Cloud MCP Server exposes to your agents

Read (36) Write / Execute (4) Destructive / Financial (0)

Running more than one server? Check your whole stack →

MOST DANGEROUS TOOLS

High Risk

The most dangerous Google Cloud MCP Server tools

Execute · High gcp-spanner-execute-query The tool's name 'execute-query' combined with its context (Spanner database interaction) indicates it runs arbitrary SQL queries. Execute · High gcp-spanner-query-count The tool name implies executing a COUNT query against a Google Cloud Spanner database. Execute · High gcp-spanner-query-natural-language The tool likely translates natural language into Spanner SQL queries and executes them. Write · Medium gcp-utils-set-project-id This tool modifies configuration state (the active project context) which is a reversible write operation.

4 of Google Cloud MCP Server's 40 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

POLICY

How to control Google Cloud MCP Server

PolicyLayer is an MCP gateway — it sits between your AI agents and Google Cloud MCP Server, and nothing reaches the server without passing your rules. These are the rules we recommend:

Rate limit write operations

{
  "gcp-utils-set-project-id": {
    "limits": [
      {
        "counter": "gcp-utils-set-project-id_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations

{
  "gcp-billing-analyse-costs": {
    "limits": [
      {
        "counter": "gcp-billing-analyse-costs_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

Create a free account and register Google Cloud MCP Server — nothing to install.
Add these rules — paste them, or build them visually. Tune the limits to your setup.
Point your MCP client (Claude, Cursor, anything) at your gateway URL.

ENFORCE POLICY ON GOOGLE CLOUD →

Free to start. No card required.

FULL CATALOGUE

All 40 Google Cloud MCP Server tools

EXECUTE 3 tools

Execute gcp-spanner-execute-query gcp-spanner-execute-query Execute gcp-spanner-query-count gcp-spanner-query-count Execute gcp-spanner-query-natural-language gcp-spanner-query-natural-language

WRITE 1 tools

Write gcp-utils-set-project-id Set the default Google Cloud project ID to use for all operations

READ 36 tools

Read gcp-billing-analyse-costs Perform detailed cost analysis with trends and insights for Google Cloud billing data Read gcp-billing-cost-recommendations Generate cost optimisation recommendations with potential savings for Google Cloud billing Read gcp-billing-detect-anomalies Detect unusual cost patterns and spending anomalies in Google Cloud billing data Read gcp-billing-get-account-details Retrieve detailed information about a specific Google Cloud billing account Read gcp-billing-get-project-info Retrieve billing configuration and status for a Google Cloud project Read gcp-billing-list-accounts List all Google Cloud billing accounts accessible to the user Read gcp-billing-list-projects List all projects associated with a specific Google Cloud billing account Read gcp-billing-list-services List all available Google Cloud services for billing and cost analysis Read gcp-billing-list-skus List all SKUs (Stock Keeping Units) and pricing information for a Google Cloud service Read gcp-billing-service-breakdown Get detailed cost breakdown by Google Cloud service with usage and SKU information Read gcp-error-reporting-analyse-trends gcp-error-reporting-analyse-trends Read gcp-error-reporting-get-group-details gcp-error-reporting-get-group-details Read gcp-error-reporting-list-groups gcp-error-reporting-list-groups Read gcp-iam-analyse-permission-gaps Compare current permissions against required permissions for specific operations and identify gaps Read gcp-iam-get-project-policy Retrieve the IAM policy for a Google Cloud project Read gcp-iam-list-deployment-services List all GCP services with pre-defined deployment permission sets Read gcp-iam-test-project-permissions Test which permissions the current caller has on a Google Cloud project Read gcp-iam-test-resource-permissions Test which permissions the current caller has on specific Google Cloud resources Read gcp-iam-validate-deployment-permissions Check if current caller has required permissions for deploying to common GCP services Read gcp-logging-query-logs Query Google Cloud Logs with custom filters. Searches across all payload types (text, JSON, proto) and metadat Read gcp-logging-query-time-range Query Google Cloud Logs within a specific time range. Supports relative times (1h, 2d) and ISO timestamps. Read gcp-logging-search-comprehensive Search across all log fields including textPayload, jsonPayload, protoPayload, labels, HTTP requests, and meta Read gcp-monitoring-list-metric-types gcp-monitoring-list-metric-types Read gcp-monitoring-query-metrics gcp-monitoring-query-metrics Read gcp-monitoring-query-natural-language gcp-monitoring-query-natural-language Read gcp-profiler-analyse-performance gcp-profiler-analyse-performance Read gcp-profiler-compare-trends gcp-profiler-compare-trends Read gcp-profiler-list-profiles gcp-profiler-list-profiles Read gcp-spanner-list-databases gcp-spanner-list-databases Read gcp-spanner-list-instances gcp-spanner-list-instances Read gcp-spanner-list-tables gcp-spanner-list-tables Read gcp-trace-find-from-logs gcp-trace-find-from-logs Read gcp-trace-get-trace gcp-trace-get-trace Read gcp-trace-list-traces gcp-trace-list-traces Read gcp-trace-query-natural-language gcp-trace-query-natural-language Read gcp-utils-get-project-id Get the current Google Cloud project ID and recent project history

EXPLORE

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

FAQ

Questions about Google Cloud MCP Server

How do I prevent bulk modifications through Google Cloud MCP Server? +

The Google Cloud MCP Server server has 1 write tools including gcp-utils-set-project-id. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach Google Cloud MCP Server.

How many tools does the Google Cloud MCP Server MCP server expose? +

40 tools across 3 categories: Execute, Read, Write. 36 are read-only. 4 can modify, create, or delete data.

How do I enforce a policy on Google Cloud MCP Server? +

Register the Google Cloud MCP Server MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every Google Cloud MCP Server tool call.

Deterministic rules across all 40 Google Cloud MCP Server tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

ENFORCE POLICY ON GOOGLE CLOUD →

Free to start. No card required.

40 Google Cloud MCP Server tools catalogued and risk-classified — across an index of 43,000+ MCP servers.