gcp-mcp-server
Provides an MCP server that exposes a subset of Google Cloud read-only data via MCP tools: listing and describing Projects, GKE/Container clusters, and Cloud Run services. Supports both stdio and SSE transport, implemented in Go with Cobra.
Score Breakdown
⚙ Agent Friendliness
🔒 Security
TLS enforcement for SSE/stdio is not described; Cloud Run example uses --allow-unauthenticated which may expose the service publicly unless protected elsewhere. Auth appears to rely on a service account key file mounted from Secret Manager (requires GOOGLE_APPLICATION_CREDENTIALS). README does not discuss least-privilege beyond granting roles/editor (broad). Secrets are referenced via Cloud Run secret mounting, which is a positive pattern, but agent-facing auth and MCP-level access control are not documented.
⚡ Reliability
Best When
You want an MCP tool layer for lightweight Google Cloud discovery (list/describe) and you can authenticate to Google via service account credentials referenced by environment variables.
Avoid When
You need robust, documented guarantees on MCP tool error formats, idempotency, pagination, and retry behavior, or you require strict production security posture for public deployments.
Use Cases
- • Allow an MCP-capable agent to explore Google Cloud projects and resources
- • Generate answers that require current metadata about GCP projects, GKE clusters, and Cloud Run services
- • Local development with MCP inspector using stdio or SSE
Not For
- • Write operations / mutating Google Cloud resources (not indicated)
- • Use cases requiring comprehensive coverage of all GCP services (only a few services/operations listed)
- • Environments needing formal API contracts (OpenAPI/typed SDK) beyond MCP tooling
Interface
Authentication
README indicates service-account key file access through a secret mounted into Cloud Run and referenced by GOOGLE_APPLICATION_CREDENTIALS. No agent-facing OAuth flow or explicit MCP-level auth is documented.
Pricing
Open source; costs depend on where you run it (e.g., Cloud Run) and GCP API usage/quotas.
Agent Metadata
Known Gotchas
- ⚠ Only a limited set of services/operations are listed (Projects, Container/Clusters, Cloud Run/Services). Agents may expect more coverage.
- ⚠ Production deployment example uses --allow-unauthenticated; if mirrored, tools could be exposed publicly without additional MCP-level access control.
- ⚠ README does not document MCP tool schemas, pagination behavior, or retry/error conventions.
Alternatives
Full Evaluation Report
Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for gcp-mcp-server.
AI-powered analysis · PDF + markdown · Delivered within 30 minutes
Package Brief
Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.
Delivered within 10 minutes
Score Monitoring
Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.
Continuous monitoring
Scores are editorial opinions as of 2026-04-04.