Let AI search, read, send, and manage email across accounts.
This MCP tool claims access to user email, which involves highly sensitive personal and work communications. Although it is open-source under MIT and does not declare fixed remote endpoints or required secrets, the sparse documentation and low adoption warrant caution; the main concerns are its inherent email-data access and local execution capabilities rather than any clearly evidenced malicious exfiltration or credential abuse.
The materials state that no keys or environment variables are required, but searching, reading, sending, and managing multiple email accounts usually still requires mailbox access via local client configuration, system account integration, or interactive login. No built-in API key requirement is shown, so direct secret exposure is not evidenced, but email account authorization is highly sensitive and the authentication method and token storage should be verified.
No fixed remote endpoint is declared, and the system checks do not list egress hosts; however, reading/writing/sending email normally requires communication with email providers and may transmit message bodies, attachments, contacts, and metadata. There is no evidence here of sending data to unrelated third parties or unknown endpoints, so this is a normal caution case rather than a high-risk one.
The system marks this tool as executes-code, meaning it runs code/processes locally, which is a standard capability for this type of MCP tool. Given its email-management purpose, it should be assumed to invoke local runtime and related system interfaces; that alone does not justify a high-risk rating, but it should be run in a constrained environment and its executable path should be reviewed.
The tool explicitly aims to give AI access to email and can search, read, send, and manage messages, covering highly sensitive data such as message content, subjects, sender/recipient fields, timestamps, folder state, and potentially attachments. The materials do not indicate access to unrelated local files or system permissions beyond the stated function, so this is rated caution rather than risk.
Positive factors include an auditable open-source repository and an MIT license, which lower risk. However, the source is a third-party registry, community adoption is only 0 stars, maintenance status is unknown, and the README is absent, reducing verifiability and maturity. There is no evidence of a closed-source package, spoofed origin, or obvious malicious signs, so it should not be rated high risk, but supply-chain trust remains limited.
Copy the install command and let the AI configure it · recommended for beginners
No copy-paste install info for "mailbox-mcp" yet — see the docs or source repo.
After connecting my mailbox, find all unread emails from clients in the last 7 days, group them by urgency, summarize the key request in each email, and draft short replies for the high-priority ones.
A prioritized list of unread emails with summaries and ready-to-send reply drafts.
Search all my email accounts for messages from the last 3 months containing “invoice” or “发票”, extract the sender, date, amount, and attachment status, and compile the results into a table.
A structured table summarizing invoice-related emails for easy review and tracking.
Scan my mailbox for marketing subscription emails from the last 30 days, identify frequent senders, list emails that can be archived or deleted, and suggest important subscriptions worth keeping.
A cleanup plan for subscription emails, including bulk archive/delete lists and reasons to keep selected senders.
Enable AI agents to read, search, send, organize, and schedule emails.
Read inbox emails and get summaries through natural language queries.
Let AI agents send, receive, poll, and manage emails automatically.
Manage multiple Outlook or Microsoft 365 mailboxes through AI assistants.
Let AI securely send, search, and read Gmail messages efficiently.
Let AI manage Gmail, send emails, and automate labels and attachments.