read-no-evil-mcp
v0.3.1
Secure email access via read-no-evil-mcp. Protects against prompt injection attacks in emails. Use for reading, sending, deleting, and moving emails.
by @thekie
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
The name/description (secure email access with prompt-injection protection) match the provided CLI and setup scripts: the CLI talks to an MCP HTTP server, setup scripts can spin up a Docker-hosted MCP server, and credentials are stored for the server (not in the skill). There are no unrelated credential requests or surprising binaries in the repository.
Instruction Scope
SKILL.md is narrowly scoped to connecting to an MCP server, managing config files, and optionally starting a local Docker server. It explicitly instructs the agent to ask the user before auto-creating or auto-starting Docker. The runtime scripts do read/write the user config path (~/.config/read-no-evil-mcp/config.yaml) and expect a .env file for account passwords; those file accesses are consistent with the advertised purpose but are worth noting because they involve local credential files the user must provide.
Install Mechanism
There is no package install spec; the skill provides scripts that are run directly. The only external network action is pulling a Docker image from ghcr.io (ghcr.io/thekie/read-no-evil-mcp:0.3) and a curl-based health check — which is expected for launching a local MCP server. No downloads from untrusted shorteners or personal IPs were observed.
Credentials
The skill declares no required env vars, which is fine, but the code accepts an optional RNOE_SERVER_URL env var and the setup-server.sh reads RNOE_ACCOUNT_*_PASSWORD entries from a .env file. This is proportionate to starting a local server, but the skill does not automatically obtain or require your email credentials — you must provide them in .env for the server. The SKILL.md instructs that credentials remain on the MCP server (not in the agent), which matches the code, but users should be aware that providing a .env file will be read and passed into the Docker container.
Persistence & Privilege
The skill is not 'always' included and does not request elevated or permanent platform privileges. It writes/reads its own config path (~/.config/read-no-evil-mcp) and does not alter other skills or global agent settings. Agent autonomous invocation is allowed (platform default) and appropriate for this kind of CLI.
Assessment
This skill appears to do what it says: it is a thin client that talks to a separate MCP server which handles credentials and prompt-injection scanning. Before installing/starting a local server, consider the following:
1) Trust the Docker image (ghcr.io/thekie/read-no-evil-mcp:0.3) — inspect it or run it in an isolated environment if unsure.
2) When setting up locally you must create a .env file with account passwords; the setup script reads those lines and injects them as container environment variables — keep that file private and delete it after use if desired.
3) The SKILL.md explicitly requires asking the user before auto-starting Docker; ensure the agent follows that.
4) There is some truncated/unfinished code in the provided scripts (e.g., a partial line in setup-config.py in the repository listing); treat this as a quality issue and review scripts before executing them locally.
If you are uncomfortable running the included scripts, point the skill at a remote MCP server you control instead or run the setup steps manually.
Like a lobster shell, security has layers — review code before you run it.
