mcp-servers
by cloudaeon-pvt-ltd
Overview
This server enables sending emails through Microsoft Outlook/Office 365 using the Microsoft Graph API, triggered by an MCP-compatible client.
Installation
python main.pyEnvironment Variables
- SENDER_EMAIL_ID
- TENANT_ID
- CLIENT_ID
- CLIENT_SECRET
Security Notes
The server retrieves sensitive credentials (CLIENT_ID, CLIENT_SECRET, TENANT_ID) from environment variables, which is good practice. However, the `send_email` function allows an MCP client to specify an `attachment_file_path`. While `os.path.normpath` is used for cleanup, the server attempts to open and base64 encode *any* path provided by the client if it has read access. This poses a significant Local File Inclusion (LFI) risk, allowing a malicious MCP client to potentially read and email arbitrary files from the server's filesystem. Additionally, the `Mail.Send` application permission, as highlighted in the README, allows sending emails as *any* user in the tenant, which is a powerful capability that could be misused by an untrusted client. There are no obvious `eval` or obfuscation patterns.
Similar Servers
ms-365-mcp-server
Interacting with Microsoft 365 and Office services through the Graph API via a Model Context Protocol (MCP) server.
mcp-email-server
This server allows MCP clients to interact with email accounts via IMAP and SMTP protocols, enabling functionalities like listing, fetching, sending, and deleting emails.
outlook-mcp
Enables AI assistants to interact with Microsoft Outlook for email, calendar, and SharePoint operations through the Microsoft Graph API.
outlook-mcp-server
AI-powered local email management for Microsoft Outlook, enabling search, composition, organization, and batch forwarding of emails using natural language commands.