{"id":"jasonsum-gmail-mcp-server","name":"gmail-mcp-server","homepage":null,"repo_url":"https://github.com/jasonsum/gmail-mcp-server","category":"communication","subcategories":[],"tags":["mcp","gmail","oauth","email","integration","desktop-app","tooling"],"what_it_does":"An MCP server that connects to a user’s Gmail account (via Google OAuth) and exposes tools to send emails, read emails (and mark them as read), list unread emails, mark an email as read, move an email to trash, and open an email in a browser.","use_cases":["Draft and send emails programmatically from an MCP-enabled assistant (with user confirmation described in README)","Read and summarize unread emails from an MCP-enabled assistant","Find and trash unwanted emails via an MCP tool call","Mark emails as read after processing"],"not_for":["Automated email sending/trashing without human oversight","Use as a general-purpose Gmail REST replacement for high-volume bulk operations","Handling sensitive/regulated communications without appropriate security review and auditing"],"best_when":"Used in a desktop/interactive workflow where the MCP client can ask the user before performing email-changing actions (send/trash/read).","avoid_when":"Avoid for fully autonomous agents, unattended automation, or scenarios requiring strict least-privilege beyond the single Gmail modify scope noted.","alternatives":["Use Gmail API directly with your own integration (OAuth + Gmail API)","Use Google Apps Script / Workspace add-ons (if appropriate)","Use existing email integration platforms with audited connectors (e.g., Zapier/Make-style)","Build a smaller MCP wrapper around Gmail API with narrower scopes (e.g., read-only when possible)"],"af_score":51.5,"security_score":58.0,"reliability_score":25.0,"package_type":"mcp_server","discovery_source":["github"],"priority":"high","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-03-30T13:52:39.413847+00:00","interface":{"has_rest_api":false,"has_graphql":false,"has_grpc":false,"has_mcp_server":true,"mcp_server_url":null,"has_sdk":false,"sdk_languages":[],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":["OAuth2 (Google OAuth flow initiated in system browser)"],"oauth":true,"scopes":true,"notes":"README instructs adding the Gmail scope https://www.googleapis.com/auth/gmail/modify and performing an interactive auth flow, with tokens persisted to a local --token-path file."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"No pricing information provided; package appears to be self-hosted."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":51.5,"security_score":58.0,"reliability_score":25.0,"mcp_server_quality":75.0,"documentation_accuracy":70.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":65.0,"rate_limit_clarity":10.0,"tls_enforcement":70.0,"auth_strength":75.0,"scope_granularity":30.0,"dependency_hygiene":55.0,"secret_handling":55.0,"security_notes":"Uses Google OAuth and persists tokens locally (token-path). Gmail scope requested is gmail/modify, which is powerful (read+modify) and not least-privilege for all tools (e.g., read-only operations). No details provided about TLS enforcement within the MCP server, token file permissions, logging practices, or structured error handling. Ensure least-privilege scopes where possible and restrict local token file access.","uptime_documented":0.0,"version_stability":40.0,"breaking_changes_history":40.0,"error_recovery":20.0,"idempotency_support":"false","idempotency_notes":null,"pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["Tools include side effects (send-email, trash-email, mark-email-as-read) so an MCP client/agent must implement appropriate user confirmation and safeguards.","The README states the MCP client prompts the user before conducting sensitive activities; if the client does not, the tools could enable unintended email changes.","OAuth tokens are stored on disk at --token-path; agents running on shared machines should consider file permissions and cleanup."]}}