Gmail MCP
MCP server for Gmail - read, send, archive, and manage emails, drafts, labels, filters, and threads
Server Info
- Package: gmail-mcp
- Registry: npm
- Repository: domdomegg/gmail-mcp
- Maintainer: Community
- Category: Communication
- Tags: email, google, gmail
- Last Scanned: 7 Apr 2026
Findings
8 issues
Authentication & Identity
LOW: Implements MCP OAuth spec for per-user authentication
Supports both stdio and HTTP transport. Stdio requires GOOGLE_ACCESS_TOKEN env var. HTTP mode implements full MCP OAuth spec with .well-known/oauth-authorization-server and .well-known/oauth-protected-resource endpoints. Acts as OAuth proxy to Google, handling authorization_code and refresh_token grants. Uses StreamableHTTPServerTransport. Bearer token validation on /mcp endpoint with token validity check. Allows unauthenticated tools/list for discovery.
Document the required OAuth scopes for each tool.
Tool Schema Quality
HIGH: Required fields missing on 1 write operation
Write tools without required field declarations: filter_create.
Add required arrays to all write/delete tool schemas.
MEDIUM: Only 4 of 36 schemas have parameter constraints
Most schemas lack maxLength, enum, or pattern constraints on string parameters.
Add constraints to string parameters, especially on write operations.
LLM Safety
HIGH: Tool descriptions contain instructional language
Descriptions include directives that could influence LLM behavior beyond tool selection.
Remove instructional language. Descriptions should be purely factual.
Data Exposure
MEDIUM: 3 list operations lack pagination
messages_list, threads_list, and drafts_list support pagination via maxResults (with min/max constraints) and pageToken. labels_list, filters_list, and vacation_get return all records without pagination (acceptable for small reference data). No field selection - full records returned. Output schemas validate and shape responses.
Add limit/offset or cursor-based pagination.
LOW: No field selection on responses
Responses return full records rather than projected fields.
Implement field selection to return only relevant fields.
Maintenance & Trust
LOW: Community-maintained by Adam Jones (domdomegg)
No official vendor backing.
Seek vendor verification.
MEDIUM: 9 dependency vulnerabilities (6 high)
npm audit found 6 high severity CVEs.
Update vulnerable dependencies.
Tools
36 total

| Name | Description | Risk |
|---|---|---|
| get_profile | Get the current user's Gmail profile including email address | read |
| messages_list | List individual messages. Consider using gmail_threads_list instead to group related messages. Use gmail_message_get to fetch full content. | read |
| message_get | Get a single message by ID. Consider using gmail_thread_get to get all messages in a conversation. | read |
| message_send | Send an email message. Can also be used to reply to existing threads. | write |
| message_forward | Forward an email message to new recipients, including attachments and inline images. | write |
| message_modify | Modify the labels on a message. Use this to archive (remove INBOX), mark as read (remove UNREAD), star, etc. | write |
| message_archive | Archive a message by removing the INBOX label. The message remains accessible via search or All Mail. | write |
| message_trash | Move a message to the trash. Messages in trash are deleted after 30 days. | write |
| message_untrash | Remove a message from trash | write |
| message_delete | Permanently delete a message. This cannot be undone. Prefer gmail_message_trash for most cases. | admin |
| messages_batch_modify | Modify labels on multiple messages at once | write |
| messages_batch_delete | Permanently delete multiple messages. This cannot be undone. | admin |
| thread_get | Get all messages in a thread (conversation). Recommended over gmail_message_get for reading emails. | read |
| threads_list | List or search email threads (conversations). Recommended over messages_list for most use cases. | read |
| thread_modify | Modify labels on a thread | write |
| thread_trash | Move a thread to trash | write |
| thread_untrash | Remove a thread from trash | write |
| thread_delete | Permanently delete a thread. This cannot be undone. Prefer gmail_thread_trash for most cases. | admin |
| draft_create | Create a new draft email. The draft can be edited and sent later from Gmail. | write |
| draft_get | Get a specific draft by ID | read |
| drafts_list | List all drafts | read |
| draft_update | Update an existing draft | write |
| draft_delete | Permanently delete a draft | admin |
| draft_send | Send an existing draft | write |
| labels_list | List all labels in the user's mailbox. Includes both system labels (INBOX, SENT, etc.) and user-created labels. | read |
| label_get | Get a specific label by ID | read |
| label_create | Create a new label | write |
| label_update | Update an existing label | write |
| label_delete | Delete a label. System labels cannot be deleted. | admin |
| attachment_get | Get a message attachment. Returns base64url-encoded data. | read |
| filters_list | List all email filters | read |
| filter_get | Get a specific filter by ID | read |
| filter_create | Create a new email filter | write |
| filter_delete | Delete an email filter | admin |
| vacation_get | Get vacation auto-reply settings | read |
| vacation_set | Set vacation auto-reply settings. To disable, set enableAutoReply to false. | write |
Deploy Gmail MCP securely
CompleteFlow adds per-user authentication, permission scoping, and audit logging to any MCP server out of the box.