collactivelabs/gmail-mcp-server-
If you are the rightful owner of gmail-mcp-server- and would like to certify it and/or have it hosted online, please leave a comment on the right or send an email to henry@mcphub.com.
This server integrates with Gmail to provide a secure and feature-rich email management experience using the Model Context Protocol (MCP).
send-email
Send email to recipient
trash-email
Move email to trash
mark-email-as-read
Mark email as read
get-unread-emails
Retrieve unread emails
read-email
Retrieve email content
Gmail Server for Model Context Protocol (MCP)
This MCP server integrates with Gmail to enable sending, removing, reading, drafting, and responding to emails with enhanced security and features.
Security Note: This server includes secure token storage with encryption and proper file permissions. The server prompts users before conducting sensitive operations.
https://github.com/user-attachments/assets/5794cd16-00d2-45a2-884a-8ba0c3a90c90
Features
Core Tools
- send-email: Send email to recipient
- trash-email: Move email to trash
- mark-email-as-read: Mark email as read
- get-unread-emails: Retrieve unread emails
- read-email: Retrieve email content
- open-email: Open email in browser
- search-emails: Search emails with custom queries
- create-draft: Create a draft email
- list-drafts: List email drafts
Enhanced Tools (Available in Enhanced Server)
- list-emails: List emails with pagination support
- download-attachment: Download email attachments
- send-email-with-attachment: Send emails with attachments
- manage-labels: Add or remove labels from emails
- list-labels: List all available Gmail labels
Security Features
- Encrypted Token Storage: OAuth tokens are encrypted using machine-specific keys
- Secure File Permissions: Token files are stored with 600 permissions
- Fallback Compatibility: Graceful fallback to plaintext for compatibility
Prompts
The server includes specialized prompts for email management:
- manage-email: Act as an email administrator
- draft-email: Draft an email with content and recipient
- edit-draft: Edit an existing email draft
Setup
Gmail API Setup
- Create a new Google Cloud project
- Enable the Gmail API
- Configure an OAuth consent screen
- Choose "External" user type
- Set the publishing status to Testing (not Production)
- Fill in the required fields (app name, user support email, developer email)
- Add your Gmail address as a Test user (this is crucial!)
- Add OAuth scope
https://www.googleapis.com/auth/gmail.modify - Create an OAuth Client ID for application type "Desktop App"
- Download the JSON file of your client's OAuth keys
- Rename the key file and save it to your local machine in a secure location.
Important: If you get an "Access blocked" error during authentication, make sure your OAuth consent screen is in "Testing" mode and your email is added as a test user. See for details.
Installation
Using uv is recommended:
# Clone the repository
git clone https://github.com/yourusername/gmail-mcp-server.git
cd gmail-mcp-server
# Install dependencies
uv pip install -e .
# For development
uv pip install -e ".[dev]"
Usage with Claude Desktop
Standard Server
{
"mcpServers": {
"gmail": {
"command": "uv",
"args": [
"--directory",
"[absolute-path-to-git-repo]",
"run",
"gmail",
"--creds-file-path",
"[absolute-path-to-credentials-file]",
"--token-path",
"[absolute-path-to-access-tokens-file]"
]
}
}
}
Enhanced Server (with all features)
{
"mcpServers": {
"gmail": {
"command": "uv",
"args": [
"--directory",
"[absolute-path-to-git-repo]",
"run",
"python",
"src/gmail/server_enhanced.py",
"--creds-file-path",
"[absolute-path-to-credentials-file]",
"--token-path",
"[absolute-path-to-access-tokens-file]"
]
}
}
}
Authentication
When the server is started, an authentication flow will be launched in your system browser. Token credentials will be encrypted and securely saved in the specified token path.
| Parameter | Example |
|---|---|
--creds-file-path | /[your-home-folder]/.google/client_creds.json |
--token-path | /[your-home-folder]/.google/app_tokens.json |
API Reference
Standard Tools
send-email
{
recipient_id: string, // Recipient email address
subject: string, // Email subject
message: string, // Email content
thread_id?: string // Optional thread ID for replies
}
search-emails
{
query: string, // Gmail search query
max_results?: number // Maximum results (default: 20)
}
Enhanced Tools
list-emails (Pagination Support)
{
query?: string, // Gmail search query (default: "in:inbox")
page_size?: number, // Results per page (default: 20)
page_token?: string // Token for next page
}
send-email-with-attachment
{
recipient_id: string, // Recipient email address
subject: string, // Email subject
message: string, // Email content
attachment_paths: string[], // Array of file paths to attach
thread_id?: string // Optional thread ID for replies
}
manage-labels
{
email_id: string, // Email ID
add_labels?: string[], // Labels to add
remove_labels?: string[] // Labels to remove
}
Development
Running Tests
# Run all tests
uv run pytest
# Run with coverage
uv run pytest --cov=gmail --cov-report=html
# Run specific test file
uv run pytest tests/test_gmail_service.py
Code Quality
# Format code
uv run black src/gmail tests
# Sort imports
uv run isort src/gmail tests
# Type checking
uv run mypy src/gmail
# Linting
uv run flake8 src/gmail tests
Project Structure
gmail-mcp-server/
āāā src/
ā āāā gmail/
ā āāā __init__.py
ā āāā server.py # Standard server
ā āāā server_enhanced.py # Enhanced server with all features
ā āāā constants.py
ā āāā services/
ā āāā __init__.py
ā āāā gmail_service.py # Core Gmail functionality
ā āāā gmail_service_enhanced.py # Extended features
ā āāā security.py # Token encryption utilities
āāā tests/
ā āāā __init__.py
ā āāā test_gmail_service.py
āāā pyproject.toml
āāā README.md
āāā SECURITY.md
āāā LICENSE
Security Considerations
This server implements several security best practices:
- Token Encryption: OAuth tokens are encrypted using Fernet encryption with machine-specific keys
- Secure File Permissions: Token files are stored with restrictive permissions (600)
- No Hardcoded Secrets: All sensitive data is provided via command-line arguments
- User Confirmation: Sensitive operations require user confirmation
- Secure Defaults: The server starts in safe mode, requiring explicit user action for sensitive operations
For more details, see .
Troubleshooting
OAuth Authentication Issues
If you encounter "Access blocked" or "Gmail MCP has not completed the Google verification process" errors:
- Ensure your OAuth consent screen is in Testing mode
- Add your email as a Test user
- Clear existing tokens and re-authenticate
See for detailed solutions.
MCP Inspector
To test the server, use MCP Inspector:
# Standard server
npx @modelcontextprotocol/inspector uv run src/gmail/server.py --creds-file-path [path] --token-path [path]
# Enhanced server
npx @modelcontextprotocol/inspector uv run src/gmail/server_enhanced.py --creds-file-path [path] --token-path [path]
Common Issues
- Access Denied Errors: Check OAuth setup and test users - see
- Token Decryption Errors: If you move between machines, tokens might fail to decrypt. Delete the token file and re-authenticate.
- Permission Errors: Ensure the token directory has proper permissions
- API Limits: Gmail API has rate limits. Implement exponential backoff for production use.
Contributing
- Fork the repository
- Create a feature branch
- Make your changes
- Run tests and linting
- Submit a pull request
License
This project is licensed under the GNU General Public License v3.0 - see the file for details.
Acknowledgments
- Built for the Model Context Protocol (MCP)
- Uses Google Gmail API
- Inspired by the need for secure email automation