Google

64 tools. 44 can modify or destroy data without limits.

4 destructive tools with no built-in limits. Policy required.

Last updated:

44 can modify or destroy data
20 read-only
64 tools total

Community server · catalogue entry verified 29/06/2026

How to control Google ↓

What Google exposes to your agents

Read (20) Write / Execute (40) Destructive / Financial (4)
Critical Risk

The most dangerous Google tools

44 of Google's 64 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

How to control Google

PolicyLayer is an MCP gateway — it sits between your AI agents and Google, and nothing reaches the server without passing your rules. These are the rules we recommend:

Deny destructive operations
{
  "calendar_delete_calendar": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "calendar_create_calendar": {
    "limits": [
      {
        "counter": "calendar_create_calendar_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "calendar_get_free_busy_info": {
    "limits": [
      {
        "counter": "calendar_get_free_busy_info_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register Google — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON GOOGLE →

Instant setup, no code required.

All 64 Google tools

WRITE 38 tools
Write calendar_create_calendar Create a new calendar Write calendar_create_event Create a Google Calendar event Write calendar_duplicate_event Duplicate an event to a new date/time Write calendar_respond_to_event Respond to an event invitation (accepted, declined, tentative) Write calendar_set_event_reminders Set reminders for an event (JSON format: [{"method": "email", "minutes": 30}]) Write confirm_create_event ✅ Confirm and create the prepared calendar event Write confirm_send_email ✅ Confirm and send the prepared email Write confirm_share_file ✅ Confirm and share the prepared file Write create_meeting_from_email Parse an email and create a calendar event from it Write drive_copy_file Copy a file in Google Drive Write drive_create_file Create a file in Google Drive Write drive_create_folder Create a folder in Google Drive Write drive_create_google_doc Create a Google Doc Write drive_create_google_sheet Create a Google Sheet Write drive_create_google_slide Create a Google Slides presentation Write drive_move_file Move a file to a different folder in Google Drive Write drive_rename_file Rename a file in Google Drive Write drive_share_file Share a file with a user Write drive_update_file_content Update the content of an existing file in Google Drive Write drive_upload_file Upload a file to Google Drive Write gmail_add_label Add labels to a Gmail message (comma-separated label IDs) Write gmail_archive_message Archive a Gmail message Write gmail_bulk_modify gmail_bulk_modify Write gmail_create_draft Create a Gmail draft Write gmail_forward_message Forward a Gmail message Write gmail_remove_label Remove labels from a Gmail message (comma-separated label IDs) Write gmail_reply_to_message Reply to a Gmail message Write gmail_send_html_message Send an HTML Gmail message Write gmail_send_message Send a Gmail message Write prepare_bulk_modify prepare_bulk_modify Write prepare_create_event ✅ SAFE: Prepare calendar event - shows preview and requires confirmation Write prepare_send_email ✅ SAFE: Prepare email for sending - shows preview and requires confirmation Write prepare_share_file ✅ SAFE: Prepare file sharing - shows preview and requires confirmation Write save_email_to_drive Save an email as a file in Google Drive Write share_drive_file_via_email Share a Drive file and send email notification Write smart_create_event_unsafe ⚠️ UNSAFE: Create calendar event immediately without confirmation (use names or emails) Write smart_send_email_unsafe ⚠️ UNSAFE: Send email immediately without confirmation (use names or emails) Write smart_share_file_unsafe ⚠️ UNSAFE: Share file immediately without confirmation (use names or emails)

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

Questions about Google

Can an AI agent delete data through the Google MCP server? +

Yes. The Google server exposes 4 destructive tools including calendar_delete_calendar, cancel_operation, gmail_delete_message. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through Google? +

The Google server has 38 write tools including calendar_create_calendar, calendar_create_event, calendar_duplicate_event. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach Google.

How many tools does the Google MCP server expose? +

64 tools across 3 categories: Destructive, Read, Write. 20 are read-only. 44 can modify, create, or delete data.

How do I enforce a policy on Google? +

Register the Google MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every Google tool call.

Deterministic rules across all 64 Google tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

Instant setup, no code required.

64 Google tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.