A secure MCP server that enables Claude to read, search, send, reply, forward, and manage Gmail messages and labels through natural language commands.
Claim it to get a verified publisher badge, a free copy of our full audit findings, and direct contact for any high-priority issues we find.
Install from
M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.
Disclosed vulnerabilities in this server's declared npm dependencies (via OSV). Whether each is reachable depends on the installed versions.
When Vitest UI server is listening, arbitrary file can be read and executed
Vitest allows Remote Code Execution when accessing a malicious website while Vitest API server is listening
Anthropic's MCP TypeScript SDK has a ReDoS vulnerability
Model Context Protocol (MCP) TypeScript SDK does not enable DNS rebinding protection by default
process.env. You'll be asked to provide them before it can run.GMAIL_MCP_CONCURRENCY— export ="5" # parallel API fetch limitGMAIL_MCP_CONFIG_DIR— export ="$HOME/.config/gmail-mcp" # token storage dirGMAIL_MCP_CREDENTIALS_PATH— export ="./credentials.json" # credentials locationGMAIL_MCP_LOG_LEVEL— export ="info" # debug info warn errorGMAIL_MCP_MAX_ATTACHMENT_BYTES— export ="5242880" # 5 MB inline attachment capGMAIL_MCP_MAX_BODY_BYTES— export ="5242880" # 5 MB email body capGMAIL_MCP_REDIRECT_PORT— export ="3000" # OAuth callback portGMAIL_MCP_TOKEN_KEY— export ="your-64-char-hex-key-here"[](https://m8ven.ai/mcp/ndungukamami-sketch-gmail-mcp-server-1v5y1e)