GongRzhe/Gmail-MCP-Server
Minor capabilities, nothing alarming.
AI review
The extension is a legitimate Gmail MCP server with standard OAuth authentication. The setup.js file contains code to read and modify Claude Desktop configuration, which could be used for prompt injection if the configuration file is tampered with, but this is a local file operation and not inherently malicious. The extension does not contain hidden instructions, data exfiltration, or deceptive tool descriptions.
- low Claude Desktop config modification in setup.js — setup.js:73 reads and potentially modifies the Claude Desktop configuration file (claude_desktop_config.json). While this is used for legitimate setup purposes, it could be exploited if an attacker gains access to the local filesystem. However, this is a standard pattern for MCP server setup scripts and does not represent an active risk.
- low Environment variable access for OAuth path — src/index.ts:27 reads GMAIL_OAUTH_PATH from environment variables. This is standard practice for configuration and not a security risk. The OAuth credentials are stored locally and not exfiltrated.
- low Command execution via child_process — setup.js:18 uses execSync from child_process. This is used for legitimate setup operations (e.g., running npm commands). No evidence of malicious command injection or data exfiltration was found.
Model: deepseek-chat
Static findings
Shell / command execution · Executes shell / system commands
setup.js:18
import('child_process').then(({ execSync }) => {
Environment variables (config / keys) · Reads environment variables (config / API keys)
setup.js:73
claudeConfigPath = path.join(process.env.APPDATA, 'Claude', 'claude_desktop_config.json');
src/index.ts:27
const OAUTH_PATH = process.env.GMAIL_OAUTH_PATH || path.join(CONFIG_DIR, 'gcp-oauth.keys.json');
MCPVet is a heuristic aid, not a security guarantee. A clean grade does not prove an extension is safe; always review code and instructions you don't trust.