gmail-mcp-server
Verified Safeby Shreykhanna
Overview
Integrate Gmail and Google Calendar functionalities into AI agents via a Model Context Protocol (MCP) server.
Installation
tsx src/index.tsSecurity Notes
The most critical security/functional flaw is in `src/send/sendEmail.ts`, where the `userId` for sending an email is hardcoded to `"shrey.khanna.au@gmail.com"` instead of using the authenticated user's ID (`"me"`). This means all emails sent via the 'send_email' tool will originate from this hardcoded address, regardless of who authenticates the Gmail API access. This is a significant impersonation risk or a functional bug that prevents multi-user support. Additionally, `src/read/readGmail.ts` uses `process.exit(1)` upon failure, which can abruptly terminate the server. Credentials are read from local files (`credentials.json`, `token.json`) at fixed paths derived from `process.cwd()`, which requires careful handling of these files to prevent unauthorized access. No `eval` or obfuscation was found.
Similar Servers
gmail-mcp
Manages Gmail emails programmatically, enabling AI systems to read, send, archive, and perform other email operations on behalf of a user.
stateful-auth-for-mcp-servers
Integrates Google Gmail and Calendar APIs to enable an AI agent to read emails and manage calendar events with stateful authorization for event deletions.
gcal-mcp-server
Provides intelligent Google Calendar integration, event management, and scheduling capabilities through a standardized Model Context Protocol (MCP) interface for AI assistants.
calendar-mcp
A unified Model Context Protocol (MCP) server that enables AI assistants to access multiple email and calendar accounts simultaneously across Microsoft 365, Outlook.com, and Google Workspace.