Zapier MCP
Advisory
Audited by Static analysis on May 10, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If broad Zapier actions are exposed, an agent mistake or ambiguous instruction could change external accounts, send messages, or create business records.
The documented examples show the agent can use Zapier tools to send email, post messages, and create records/events in third-party apps.
mcporter call zapier-mcp.gmail_send_email ... / google_sheets_create_row ... / google_calendar_create_event ...
Expose only the Zapier actions you actually want the agent to use, and require explicit confirmation before sending messages, creating records, or touching financial/business systems.
A mistaken or deceptive URL could register a non-Zapier MCP server under the Zapier name, letting an unexpected remote endpoint define tools and receive tool-call instructions.
The backend only enforces HTTPS and does not restrict the configured MCP server to Zapier’s documented actions.zapier.com/mcp origin.
if (!mcpUrl.startsWith("https://")) { ... error: "MCP URL must use HTTPS" }
Verify that the URL begins with the official Zapier MCP origin. The implementation should restrict or clearly warn on non-Zapier MCP URLs.
Anyone who gets the MCP URL may be able to access the Zapier actions configured for that URL.
The MCP URL acts as an authentication secret for the user’s configured Zapier actions, even though registry metadata lists no primary credential.
Zapier MCP uses a simple URL-based authentication — just paste your MCP URL and you're connected.
Treat the MCP URL like an API key: do not share it, avoid screenshots/logs that reveal it, and regenerate it in Zapier if exposed.
