SendGrid MCP
MCP server for SendGrid email API — send emails, manage contacts, templates, lists, and single sends
Server Info
- Package: sendgrid-mcp
- Registry: npm
- Repository: Shy/sendgrid-mcp
- Maintainer: Community
- Category: Marketing
- Tags: email, transactional, campaigns
- Last Scanned: 7 Apr 2026
Findings
7 issues
Authentication & Identity
HIGH: No per-request auth - requires instance-per-user
Stdio-only transport. Auth via SENDGRID_API_KEY env var. No HTTP/SSE transport, no MCP OAuth. Uses the older MCP SDK (v0.6.0) with low-level Server class and manual ListTools/CallTools handlers. For multi-tenant deployment, the platform must spawn a separate server instance per user.
Add HTTP/SSE transport to accept per-request Authorization headers, or implement the MCP OAuth spec.
Tool Schema Quality
MEDIUM: Only 1 of 21 schemas has parameter constraints
Most schemas lack maxLength, enum, or pattern constraints on string parameters.
Add constraints to string parameters, especially on write operations.
LLM Safety
MEDIUM: 1 tool description is too vague
Short or generic descriptions make tool selection unreliable.
Expand descriptions with specific actions, data types, and side effects.
Data Exposure
MEDIUM: 6 list operations lack pagination
No pagination on any list operations (list_contacts, list_templates, list_contact_lists, list_verified_senders, list_suppression_groups, list_single_sends, get_contacts_by_list). All return complete datasets. No field selection. list_contacts and get_contacts_by_list return filtered fields (email, first_name, last_name) in the handler, which limits exposure somewhat.
Add limit/offset or cursor-based pagination.
LOW: No field selection on responses
Responses return full records rather than projected fields.
Implement field selection to return only relevant fields.
Maintenance & Trust
LOW: Community-maintained by Shy
No official vendor backing.
Seek vendor verification.
HIGH: 8 dependency vulnerabilities (1 critical, 4 high)
npm audit found 1 critical and 4 high severity CVEs.
Run `npm audit fix` and update vulnerable dependencies.
Tools
21 total

| Name | Description | Risk |
|---|---|---|
| delete_contacts | Delete contacts from your SendGrid account | admin |
| list_contacts | List all contacts in your SendGrid account | read |
| send_email | Send an email using SendGrid | write |
| add_contact | Add a contact to your SendGrid marketing contacts | write |
| create_contact_list | Create a new contact list in SendGrid | write |
| add_contacts_to_list | Add contacts to an existing SendGrid list | write |
| create_template | Create a new email template in SendGrid | write |
| get_template | Retrieve a SendGrid template by ID | read |
| delete_template | Delete a dynamic template from SendGrid | admin |
| validate_email | Validate an email address using SendGrid | read |
| get_stats | Get SendGrid email statistics | read |
| list_templates | List all email templates in your SendGrid account | read |
| delete_list | Delete a contact list from SendGrid | admin |
| list_contact_lists | List all contact lists in your SendGrid account | read |
| get_contacts_by_list | Get all contacts in a SendGrid list | read |
| list_verified_senders | List all verified sender identities in your SendGrid account | read |
| list_suppression_groups | List all unsubscribe groups in your SendGrid account | read |
| send_to_list | Send an email to a contact list using SendGrid Single Sends | write |
| get_single_send | Get details of a specific single send | read |
| list_single_sends | List all single sends in your SendGrid account | read |
| remove_contacts_from_list | Remove contacts from a SendGrid list without deleting them | write |
Deploy SendGrid MCP securely
CompleteFlow adds per-user authentication, permission scoping, and audit logging to any MCP server out of the box.