// SCAN REPORT

Apps Script MCP

60 tools. 34 can modify or destroy data without limits.

7 destructive tools with no built-in limits. Policy required.

Last updated:

34 can modify or destroy data
26 read-only
60 tools total

Community server · catalogue entry verified 12/06/2026

How to control Apps Script MCP ↓

TOOL MAP

What Apps Script MCP exposes to your agents

Read (26) Write / Execute (25) Destructive / Financial (7)

Running more than one server? Check your whole stack →

MOST DANGEROUS TOOLS
Critical Risk

The most dangerous Apps Script MCP tools

Destructive · High delete_deployment_tool This tool permanently removes a deployment, which is an irreversible action that destroys data/configuration. Destructive · High delete_drive_file_tool This tool irreversibly removes data from Google Drive with no undo capability. Destructive · High delete_event_tool Deleting a calendar event destroys data that cannot be recovered through the tool itself. Destructive · High delete_script_project_tool Deletion of an entire Apps Script project cannot be undone and represents a permanent loss of code, configurations, and potentially associated resources.

34 of Apps Script MCP's 60 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

POLICY

How to control Apps Script MCP

PolicyLayer is an MCP gateway — it sits between your AI agents and Apps Script MCP, and nothing reaches the server without passing your rules. These are the rules we recommend:

Deny destructive operations
{
  "delete_deployment_tool": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "append_doc_text_tool": {
    "limits": [
      {
        "counter": "append_doc_text_tool_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "get_doc_content_tool": {
    "limits": [
      {
        "counter": "get_doc_content_tool_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register Apps Script MCP — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON APPS SCRIPT →

Free to start. No card required.

FULL CATALOGUE

All 60 Apps Script MCP tools

DESTRUCTIVE 7 tools
Destructive delete_deployment_tool Delete a deployment. Destructive delete_drive_file_tool Permanently delete a file from Google Drive. Destructive delete_event_tool Delete a calendar event. Destructive delete_script_project_tool Delete an Apps Script project. Destructive delete_task_tool Delete a task from Google Tasks. Destructive remove_drive_permission_tool Remove a permission from a file or folder. Destructive trash_drive_file_tool Move a file to trash in Google Drive (recoverable).
EXECUTE 2 tools
Execute run_script_function_tool run_script_function_tool Execute start_google_auth_tool Start Google OAuth authentication flow.
WRITE 23 tools
Write append_doc_text_tool Append text to the end of a Google Doc. Write append_sheet_values_tool append_sheet_values_tool Write share_drive_file_tool share_drive_file_tool Write add_form_question_tool add_form_question_tool Write complete_task_tool Mark a task as completed in Google Tasks. Write create_deployment_tool Create a new deployment of the script. Write create_doc_tool Create a new Google Doc. Write create_drive_file_tool create_drive_file_tool Write create_drive_folder_tool Create a new folder in Google Drive. Write create_event_tool create_event_tool Write create_form_tool Create a new Google Form. Write create_script_project_tool create_script_project_tool Write create_spreadsheet_tool Create a new Google Spreadsheet. Write create_task_tool create_task_tool Write create_version_tool create_version_tool Write modify_doc_text_tool modify_doc_text_tool Write modify_gmail_labels_tool modify_gmail_labels_tool Write send_gmail_message_tool send_gmail_message_tool Write update_deployment_tool Update an existing deployment configuration. Write update_event_tool update_event_tool Write update_script_content_tool update_script_content_tool Write update_sheet_values_tool update_sheet_values_tool Write update_task_tool update_task_tool
READ 26 tools
Read get_doc_content_tool Get the content of a Google Doc. Read get_drive_file_content_tool Get the content of a Google Drive file. Read get_events_tool get_events_tool Read get_form_responses_tool Get responses submitted to a Google Form. Read get_form_tool Get a Google Form's structure and questions. Read get_gmail_message_tool Get a specific Gmail message by ID. Read get_script_content_tool Retrieve content of a specific file within a project. Read get_script_metrics_tool get_script_metrics_tool Read get_script_project_tool Retrieve complete project details including all source files. Read get_sheet_values_tool get_sheet_values_tool Read get_spreadsheet_metadata_tool Get metadata about a spreadsheet including all sheet names and properties. Read get_tasks_tool get_tasks_tool Read get_version_tool Get details of a specific version. Read list_calendars_tool List all calendars accessible to the user. Read list_deployments_tool List all deployments for a script project. Read list_drive_items_tool List files and folders in a Drive folder. Read list_drive_permissions_tool List all permissions on a file or folder. Read list_gmail_labels_tool List all Gmail labels for the user. Read list_script_processes_tool List recent execution processes for user's scripts. Read list_script_projects_tool List Google Apps Script projects accessible to the user. Read list_spreadsheets_tool List Google Sheets spreadsheets in Drive. Read list_task_lists_tool List all Google Tasks lists for the user. Read list_versions_tool List all versions of a script project. Read search_docs_tool Search for Google Docs by name. Read search_drive_files_tool search_drive_files_tool Read search_gmail_messages_tool Search for Gmail messages matching a query.
OTHER 2 tools
Other complete_google_auth_tool Complete the Google OAuth flow with the redirect URL. Other generate_trigger_code generate_trigger_code
EXPLORE

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

Sperax Ecosystem Crypto & DeFI MCP Server 1318 tools
adminautomation
Mcp Afip 1300 tools
adminautomation
Mcp Ap2 1300 tools
adminautomation
BNB Chain MCP 1240 tools
adminautomation
Nodebench 824 tools
adminautomation
Amazon Bedrock Knowledge Base Retrieval MCP Server 805 tools
adminautomation
Amazon Data Processing MCP Server 805 tools
adminautomation
Amazon ECS MCP Server 805 tools
adminautomation
FAQ

Questions about Apps Script MCP

Can an AI agent delete data through the Apps Script MCP server? +

Yes. The Apps Script MCP server exposes 7 destructive tools including delete_deployment_tool, delete_drive_file_tool, delete_event_tool. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through Apps Script MCP? +

The Apps Script MCP server has 23 write tools including append_doc_text_tool, append_sheet_values_tool, share_drive_file_tool. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach Apps Script MCP.

How many tools does the Apps Script MCP server expose? +

60 tools across 4 categories: Destructive, Execute, Read, Write. 26 are read-only. 34 can modify, create, or delete data.

How do I enforce a policy on Apps Script MCP? +

Register the Apps Script MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every Apps Script MCP tool call.

Deterministic rules across all 60 Apps Script MCP tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

ENFORCE POLICY ON APPS SCRIPT →

Free to start. No card required.

60 Apps Script MCP tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.