A privacy-conscious MCP server that enables image analysis via Google Gemini with safety features like two-step confirmation and SSRF defenses.
Claim it to get a verified publisher badge, a free copy of our full audit findings, and direct contact for any high-priority issues we find.
Install from
M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.
Disclosed vulnerabilities in this server's declared npm dependencies (via OSV). Whether each is reachable depends on the installed versions.
undici WebSocket client vulnerable to denial of service via cumulative fragment bypass
undici vulnerable to TLS certificate validation bypass via dropped requestTls in SOCKS5 ProxyAgent
undici vulnerable to cross-user information disclosure via shared cache whitespace bypass
process.env. You'll be asked to provide them before it can run.GEMINI_API_KEY— (required) Your key from Google AI Studio.GEMINI_VISION_ALLOW_LOCAL_FILE— true Set false to refuse local file inputs.GEMINI_VISION_ALLOW_URL— true Set false to refuse URL inputs entirely.GEMINI_VISION_BLOCK_LOCAL_URLS— true Set false to disable SSRF/private-IP blocking (not recommended).GEMINI_VISION_MODEL— model no Override the model for this call (e.g. gemini-2.5-flash). Falls back to .HTTPS_PROXY— Proxy aware via / HTTP_PROXY. Useful where Google APIsHTTP_PROXY— Proxy aware via HTTPS_PROXY / . Useful where Google APIshttp_proxyhttps_proxy[](https://m8ven.ai/mcp/nianshou555qiansui-gemini-vision-mcp-safe-1a6gyn)