Back to MCP Trust Indexm8ven
56
grade D
10 days ago
official

faithk7/gmail-mcp

Manage Gmail messages, threads, labels, drafts, and settings from your workflows. Send and organiz…

faithk7/gmail-mcp· listed on official

Install from

Official

M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.

// key findings
⚠️
Known vulnerabilities in dependencies: 3 high
Affects packages this MCP installs at runtime. Upgrade or remove the affected dependency.
No credential exfiltration, no sensitive file access, no obfuscation
Static analysis found nothing flowing your secrets to unexpected places.
Open source with a license and README
Anyone can audit the code, the license is declared, and the publisher documents what it does.
🔐
You'll be asked for 2 credentials: CLIENT_SECRET, REFRESH_TOKEN
These are read from process.env at runtime. Make sure you trust where they’ll be sent.
// required environment variables
This server reads these from process.env. You'll be asked to provide them before it can run.
configAUTH_SERVER_PORTPort for the temporary OAuth authentication server No 3000
configCLIENT_ID6. (Optional) For remote server installation (ex. using Smithery CLI), note the and CLIENT_SECRET from this file.
🔐 secretCLIENT_SECRET6. (Optional) For remote server installation (ex. using Smithery CLI), note the CLIENT_ID and from this file.
configMCP_CONFIG_DIRGMAIL_CREDENTIALS_PATH Path to the user credentials file No /credentials.json
configPORTPort for Streamable HTTP transport method No 3000
🔐 secretREFRESH_TOKEN4. (Optional) For remote server installation, note the file path mentioned in the success message (~/.gmail-mcp/credentials.json by default). The user's will be found here.
configTELEMETRY_ENABLEDEnable telemetry No true
// full audit trail
The full breakdown of what we checked, the deductions that landed, the network hosts, the dependency advisories, and concrete fix guidance is available to verified publishers.
// improvement guidance — verified publishers only
We have 5 concrete improvements we can share with the publisher of this MCP. Each comes with specific guidance to raise the trust score.
// embed badge in your README
[![M8ven Score](https://m8ven.ai/badge/mcp/official-https-github-com-faithk7-gmail-mcp)](https://m8ven.ai/mcp/official-https-github-com-faithk7-gmail-mcp)
commit: 2c3470bd71934f1fca9e0b70c72ae432cf185e7c
code hash: 1d90e91bea24b2aafaf046e57d944316c4a2bd50b356892518724edae628fd6f
verified: 4/11/2026, 1:36:34 PM
view raw JSON →