Delv
CommunityActive· 18d4.3by nspady

Google Calendar

Schedule, list, update events directly from Claude. Combine with Gmail MCP for an actual personal-assistant feel.

View repo
C
Safety & Trust

Delv Safety Grade: C

Score 62/100 · assessed 2026-04-28

Maintainer45
Permissions75
Supply chain65
Transparency60
Incidents100

This community-built Google Calendar MCP server provides scoped calendar access through OAuth, which is architecturally sound. The maintainer (nspady) appears to be a solo developer with limited public track record, creating meaningful bus factor risk. The package is distributed via npm under the @cocal scope, suggesting some organizational structure, though the scope ownership and maintenance commitments are unclear. Permissions are reasonably scoped to calendar read/write operations via Google's OAuth flow, which limits blast radius compared to broader filesystem or shell access. The OAuth credential requirement means users must trust both the server code and Google's token handling. No known security incidents, but the combination of solo maintenance, thin documentation trail, and calendar write access warrants careful review of the source before deployment. Suitable for personal use with awareness of maintenance risk.

Lethal Trifecta (prompt-injection exposure)

TRIFECTA RISK
All three axes present. This server can read private data, ingest attacker-controlled content, and send data outbound. A poisoned input (a GitHub issue, an email, a webpage) can exfiltrate secrets via this chain. Only install with auditing; avoid on shared or cloud agents.
Private dataYes
Reads secrets, credentials, private files
Untrusted inputYes
Ingests web pages, PRs, issues, emails
External commsYes
Can send data outbound

Event invites carry attacker-controlled descriptions; private events are private; sending invites is outbound. Often overlooked.

Green flags

  • Uses OAuth flow rather than API keys, following Google security best practice
  • Scoped to calendar domain only, no filesystem or shell access
  • Published to npm with standard package distribution
  • No known security incidents or malicious versions

Red flags

  • Solo maintainer with limited public GitHub activity or track record
  • Requires OAuth secrets stored in environment, potential credential exposure
  • Calendar write access allows event creation/modification/deletion
  • @cocal npm scope ownership and governance unclear

Permissions requested

Outbound networkAccess secretsIdentity readIdentity write
Assessed by Delv Editorial using public metadata. Grades are advisory and update as the ecosystem changes. They do not replace your own review of permissions and code before granting an agent access to sensitive systems.

Install

npx @cocal/google-calendar-mcp
Env vars needed: GOOGLE_OAUTH_CLIENT_IDGOOGLE_OAUTH_CLIENT_SECRET

Review

This MCP server turns Claude Desktop into a calendar assistant that can read, create, and update Google Calendar events. You authenticate once via OAuth, then ask Claude to schedule meetings, check availability, or reschedule conflicts without leaving the chat. It's one of the more practical MCPs for anyone who lives in their calendar. I'd reach for this when I'm triaging email and need to block time without alt-tabbing to Google Calendar. The workflow is straightforward: "Schedule a 30-minute call with Sarah next Tuesday at 2pm" or "What's on my calendar tomorrow?" Claude handles the API calls, confirms the details, and you're done. Pair it with the Gmail MCP and you get something close to an actual assistant—reading an email, checking your calendar, proposing times, all in one thread. The OAuth setup is the main friction point. You need to create a Google Cloud project, enable the Calendar API, generate OAuth credentials, and paste them into environment variables. It's not difficult if you've done it before, but it's a 15-minute detour for first-timers. Once configured, it's stable. The server supports Claude Desktop and Cursor, though Cursor users will need to manually edit their MCP settings file. One quirk: Claude sometimes asks for clarification on recurring events or timezone edge cases, which is sensible but slows things down. Another: you can't yet manage calendar permissions or share events, so it's strictly personal calendar work. If you're looking for team scheduling or meeting room booking, this won't cover it. The real value is in reducing context switches. I find myself using it most when I'm already in a Claude thread doing research or drafting something, and I need to carve out time to follow up. It's not a replacement for a full calendar app, but it's a solid satellite tool for anyone who spends half their day in Claude anyway.
Verdict

Install this if you use Claude Desktop daily and your calendar is a bottleneck. Skip it if you're happy with keyboard shortcuts in Google Calendar, or if the OAuth setup sounds like more hassle than it's worth. For the right workflow, it's quietly indispensable.

Good at

  • Reduces context switching when you're already working in Claude and need to schedule something quickly.
  • OAuth authentication is secure and persists across sessions once configured.
  • Works well alongside the Gmail MCP for a combined inbox-and-calendar assistant workflow.
  • Handles basic CRUD operations (create, read, update, delete events) reliably without requiring manual API calls.

Watch out

  • OAuth setup requires creating a Google Cloud project and managing credentials, which takes 10-15 minutes the first time.
  • No support for recurring event patterns beyond what you can describe in natural language, which can be hit-or-miss.
  • Doesn't handle team calendars, shared events, or meeting room booking—strictly personal calendar use.
  • Cursor support requires manual MCP config editing, no automated installer available.

Getting started

1. Create a Google Cloud project, enable the Google Calendar API, and generate OAuth 2.0 credentials (client ID and secret). 2. Set GOOGLE_OAUTH_CLIENT_ID and GOOGLE_OAUTH_CLIENT_SECRET as environment variables on your system. 3. Clone the repo, install dependencies with npm install, and add the server to your Claude Desktop or Cursor MCP config, pointing to the server's entry file. 4. Restart Claude Desktop or Cursor, then ask Claude to list your calendar events to trigger the OAuth flow and verify the connection. 5. Watch out for timezone assumptions—Claude sometimes defaults to UTC, so specify your timezone explicitly in requests if you're not seeing the right times.

Works with

Claude DesktopCursor

Similar MCPs