google-workspace

The skill fragment describes a plausible, legitimate tool for OAuth-based Google Workspace access via a CLI, with a modern flow and token persistence. Key security considerations include the breadth of API access, local storage of OAuth tokens, and reliance on external tooling (mcporter) and the MCP package. To improve risk posture, validate the MCP package provenance, audit the exact OAuth scopes granted, enforce least privilege, ensure proper local token permissions and encryption if possible, and review the mcporter dependency for supply-chain integrity. Consider using official Google client libraries with explicit scopes and minimizing token exposure in shared environments.