gtm-mcp
Provides an MCP server (Node/TypeScript) that exposes Google Tag Manager API v2 operations for reading and managing GTM accounts/containers/workspaces/tags/triggers/variables and for publishing/auditing version changes. Uses OAuth 2.0 credentials to authenticate and supports configuration via environment variables and a separate auth helper to obtain/refresh tokens.
Score Breakdown
⚙ Agent Friendliness
🔒 Security
Uses OAuth 2.0 and stores tokens in token.json; README advises saving credentials.json and token.json to disk and does not indicate whether tokens are ever logged. It does not document OAuth scope granularity, token storage hardening (encryption/permissions), or redaction behavior. TLS is assumed for Google API calls but not explicitly stated.
⚡ Reliability
Best When
You want an agent-friendly way to manage GTM through the MCP tool interface, with OAuth-based access to your own Google Cloud project and Tag Manager accounts.
Avoid When
You cannot securely store/use OAuth client credentials and refresh tokens, or you need strict operational guarantees (e.g., idempotent safe writes) without additional safeguards.
Use Cases
- • Programmatically audit GTM configuration (tags/triggers/variables) and workspace/container state
- • Create/update/revert GTM entities (tags, triggers, variables) via an agent workflow
- • Publish GTM container version changes and manage version headers/environments
- • Automate common server-side tagging workflows (e.g., GA4/Facebook Pixel/form tracking templates)
Not For
- • Public, unauthenticated access to GTM management
- • Browser-based interactive usage (it is a local/hosted MCP server/CLI tool)
- • Use cases requiring a stable REST/GraphQL API surface for direct application integration without MCP
Interface
Authentication
README describes OAuth 2.0 credentials flow (Desktop app type) and token storage in token.json; it does not detail OAuth scopes or least-privilege configuration.
Pricing
No pricing information provided in README; as an open-source npm package, cost is primarily related to Google Cloud/Google API usage and your infrastructure.
Agent Metadata
Known Gotchas
- ⚠ Mutating operations (create/update/delete/publish) may not be safely idempotent; agents should confirm targets before executing.
- ⚠ Uses numeric GTM IDs (account/container/workspace) and may fail if given public/container IDs in the wrong format.
- ⚠ Authentication requires running a separate auth command and providing credentials/token files; failures may be due to missing/invalid files or insufficient container permissions.
Alternatives
Full Evaluation Report
Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for gtm-mcp.
AI-powered analysis · PDF + markdown · Delivered within 30 minutes
Package Brief
Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.
Delivered within 10 minutes
Score Monitoring
Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.
Continuous monitoring
Scores are editorial opinions as of 2026-03-30.