Gmail MCP Server

Enables AI assistants to interact with Gmail through OAuth2 authentication, allowing users to list, search, read emails, and create drafts with a safety-first design that prevents accidental sends by default.

→ JaviEzpeleta/gmail-mcp-server · listed on glama

Install from

Glama

M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.

// key findings

⚠️

Known vulnerabilities in dependencies: 3 high

Affects packages this MCP installs at runtime. Upgrade or remove the affected dependency.

✅

No credential exfiltration, no sensitive file access, no obfuscation

Static analysis found nothing flowing your secrets to unexpected places.

🔐

You'll be asked for 2 credentials: GMAIL_CLIENT_SECRET, GMAIL_REFRESH_TOKEN

These are read from process.env at runtime. Make sure you trust where they’ll be sent.

// required environment variables

This server reads these from process.env. You'll be asked to provide them before it can run.

configGMAIL_ALLOW_DIRECT_SEND— "": "false"

configGMAIL_CLIENT_ID— your_client_id_here

🔐 secretGMAIL_CLIENT_SECRET— your_client_secret_here

🔐 secretGMAIL_REFRESH_TOKEN— Copy the complete value

configOAUTH_REDIRECT_PORT— (optional, defaults to 8765)

// full audit trail

The full breakdown of what we checked, the deductions that landed, the network hosts, the dependency advisories, and concrete fix guidance is available to verified publishers.

// improvement guidance — verified publishers only

We have 5 concrete improvements we can share with the publisher of this MCP. Each comes with specific guidance to raise the trust score.

// embed badge in your README

[![M8ven Score](https://m8ven.ai/badge/mcp/javiezpeleta-gmail-mcp-server-9m1t9c)](https://m8ven.ai/mcp/javiezpeleta-gmail-mcp-server-9m1t9c)

commit: aeecd0770c1e342f922e66c3eb7d62d7d761e7df

code hash: cfd4275c9d508bb4d3a890b7b4c013cd6d9d9d499ce6e6bef469210541900bae

verified: 4/18/2026, 6:54:43 PM

view raw JSON →