gtm-mcp-server
Provides an MCP (Model Context Protocol) server that lets an LLM manage Google Tag Manager (GTM) accounts/containers/workspaces: read GTM entities, create/update/delete tags, triggers, variables, templates, and server-side GTM components, and version/publish changes via guided actions with safety confirmations.
Score Breakdown
⚙ Agent Friendliness
🔒 Security
Uses OAuth 2.1 with PKCE and claims token-based authentication with revocation. README includes safety confirmations for deletions/publishing and workspace-only changes until publish. However, provided content does not detail scope granularity, TLS requirements explicitly, or operational security controls (logging/redaction, audit retention), so scores reflect partial documentation.
⚡ Reliability
Best When
You want an LLM-driven, tool-based workflow (with MCP + OAuth) to read and make structured GTM changes, including safe versioning and optional confirmations before destructive actions.
Avoid When
You cannot authenticate/authorize via the described OAuth flow, or you need guarantees about rate limits, reliability, and error recovery behaviors beyond what’s documented.
Use Cases
- • Generate and maintain GA4/ecommerce tracking setups in GTM via natural language
- • Audit GTM containers for issues (duplicates, naming inconsistencies, orphaned items, best-practice/security concerns)
- • Create triggers, variables, and templates for common measurement patterns
- • Implement consent-aware tracking logic (e.g., fire tags only when analytics consent is granted)
- • Bulk update/rename/organize GTM items across large containers
- • Agencies standardizing multiple client GTM implementations and publishing via versioning
- • Server-side GTM setup for clients and event transformations
Not For
- • Replacing Google Tag Manager UI for teams that need full UI workflows and fine-grained manual control
- • Use cases requiring tight SLAs where failures or partial changes cannot be tolerated
- • Highly regulated environments without assurance of logging, auditability, and data handling practices beyond what’s documented
Interface
Authentication
README describes OAuth 2.1 + PKCE and token-based auth that can be revoked; it does not specify exact scopes/granularity in the provided text.
Pricing
No pricing information provided; likely self-hostable only (per Docker instructions) and/or an externally hosted MCP URL.
Agent Metadata
Known Gotchas
- ⚠ Google Tag Manager API may silently drop certain trigger condition fields (e.g., `autoEventFilter`) when creating/updating certain trigger types.
- ⚠ Without explicit idempotency guarantees, agents should avoid blindly retrying write operations; prefer pre-checks (e.g., list/get then update) and confirmation steps before deletes/publish.
Alternatives
Full Evaluation Report
Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for gtm-mcp-server.
AI-powered analysis · PDF + markdown · Delivered within 30 minutes
Package Brief
Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.
Delivered within 10 minutes
Score Monitoring
Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.
Continuous monitoring
Scores are editorial opinions as of 2026-03-30.