Safe Gmail MCP
Provides tools for reading, searching, labeling, archiving, drafting emails, and managing labels in Gmail, with restrictions on sending (only to self) and no deletion.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@Safe Gmail MCPsearch my inbox for unread emails from last week"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
Safe Gmail MCP
A security-hardened Gmail MCP server for Claude Code. Supports reading, labeling, archiving, and drafting emails - but cannot send or delete.
Quick Start
git clone <this-repo>
cd safe-gmail-mcp
npm install
npm run initThe setup wizard will guide you through:
Creating Google Cloud OAuth credentials
Authenticating with your Gmail account
Configuring Claude Code
Related MCP server: mcp-gmail
Why This Exists
The original Gmail MCP has powerful capabilities that could be dangerous if misused:
Send emails (impersonation risk)
Delete emails (data loss)
Create filters (auto-forward/delete)
This fork removes those dangerous operations while keeping everything needed for email triage workflows.
What You Can Do
Tool | Description |
| Create a draft email (you send manually) |
| Send email to yourself only (for reminders) |
| Read email content by ID |
| Search with Gmail syntax |
| List all labels |
| Create a new label |
| Update a label |
| Delete a user-created label |
| Get existing or create new label |
| Add/remove labels from an email |
| Bulk label modifications |
| Save attachment to disk |
What You CANNOT Do
Send emails to others (only drafts)
Delete emails
Create filters
Commands
Command | Description |
| Interactive setup wizard |
| Re-authenticate (if token expires) |
| Check authentication status |
| Run the MCP server |
Manual Setup
If you prefer not to use the wizard:
1. Create Google Cloud OAuth Credentials
Go to Google Cloud Console
Create a new project
Enable the Gmail API: APIs & Services > Library > Gmail API > Enable
Configure OAuth consent screen:
User type: External
Add your email as a test user
Create credentials: Credentials > Create > OAuth Client ID > Desktop app
Download the JSON file
2. Set Up Credentials
mkdir -p ~/.safe-gmail-mcp
chmod 700 ~/.safe-gmail-mcp
mv ~/Downloads/client_secret_*.json ~/.safe-gmail-mcp/gcp-oauth.keys.json
chmod 600 ~/.safe-gmail-mcp/gcp-oauth.keys.json3. Authenticate
npm run auth4. Configure Claude Code
Add to your .mcp.json:
{
"mcpServers": {
"safe-gmail": {
"command": "node",
"args": ["/path/to/safe-gmail-mcp/src/index.js"],
"env": {
"GMAIL_OAUTH_PATH": "/Users/you/.safe-gmail-mcp/gcp-oauth.keys.json",
"GMAIL_CREDENTIALS_PATH": "/Users/you/.safe-gmail-mcp/credentials.json"
}
}
}
}Troubleshooting
"Gmail API has not been used"
Enable Gmail API: APIs & Services > Library > Gmail API > Enable
"Access denied" or 403 error
Add your email as a test user in the OAuth consent screen.
Token expired
Run npm run auth to re-authenticate.
Port already in use
The auth flow tries ports 3000, 3001, 3002. Close any apps using these ports.
Security
See SECURITY.md for detailed security design documentation.
License
ISC (inherited from original project)
Credits
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/mbaselga/safe-gmail-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server