read-no-evil-mcp
Review
Audited by ClawScan on May 10, 2026.
Overview
The skill’s behavior matches its email-management purpose, but it can read, send, move, and delete email through a trusted MCP server, so users should configure permissions carefully.
Install only if you want an agent-accessible email gateway. Start with read-only accounts, enable send/delete/move only when necessary, use trusted local or secured remote MCP servers, protect the .env/config files, and verify the Docker image before giving it real mailbox credentials.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the configured MCP account allows it, the agent may send emails or change/delete messages.
The skill intentionally exposes email mutation capabilities, including sending, moving, and deleting messages. This is aligned with the advertised purpose, but those actions can have real mailbox impact if enabled.
Use for reading, sending, deleting, and moving emails.
Keep accounts read-only unless write actions are needed, restrict send/delete/move permissions per account, and ask for confirmation before important sends or deletions.
The MCP server container can authenticate to the configured email accounts.
The optional Docker setup passes email account passwords from the user’s .env file into the MCP server container. This is expected for a mail gateway, but it means the server/container is trusted with mailbox credentials.
if [[ "$line" == RNOE_ACCOUNT_*_PASSWORD=* ]]; then
    env_args+=("-e" "$line")
Use app-specific passwords or least-privilege mail credentials where possible, protect the .env file, and only run the server image if you trust it.
A compromised or changed container image could affect mailbox privacy or behavior.
The optional setup pulls and runs an external Docker image by tag. This is disclosed and purpose-aligned, but the image is not pinned by digest and will handle sensitive email access.
IMAGE="ghcr.io/thekie/read-no-evil-mcp:0.3" ... docker pull "$IMAGE" ... docker run -d \
Verify the upstream project and image, consider pinning a known-good digest, and avoid using the Docker setup with sensitive accounts unless you trust the image.
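The two findings above (passwords forwarded from .env into the container, and an image referenced by tag rather than digest) suggest a few checks worth running before the container is started. The bash script below is an added example, not part of the skill or of ClawScan's audit; it assumes GNU stat (Linux) and the RNOE_ACCOUNT_<label>_PASSWORD naming shown in the quoted install script.

```bash
#!/usr/bin/env bash
# Pre-flight checks for the optional Docker setup (added example, not the skill's script).
# Assumes GNU stat; the .env naming follows the RNOE_ACCOUNT_*_PASSWORD= pattern quoted above.
set -euo pipefail

# 0 if IMAGE is pinned by digest (repo@sha256:<64 hex chars>), 1 if it is only a tag.
image_is_digest_pinned() {
  [[ "$1" =~ ^[^@[:space:]]+@sha256:[0-9a-f]{64}$ ]]
}

# 0 if the .env file exists and is neither readable nor writable by group/others.
env_file_is_private() {
  local f="$1" mode
  [ -f "$f" ] || return 1
  mode=$(stat -c '%a' "$f")
  [ $(( 8#$mode & 077 )) -eq 0 ]
}

# Print the account labels (never the secrets) whose RNOE_ACCOUNT_<label>_PASSWORD
# lines the setup script would forward into the container with "-e".
configured_password_accounts() {
  local line
  while IFS= read -r line || [ -n "$line" ]; do
    [[ "$line" =~ ^RNOE_ACCOUNT_(.+)_PASSWORD= ]] && printf '%s\n' "${BASH_REMATCH[1]}"
  done < "$1"
  return 0
}

# Run every check; returns 0 only if all pass. Makes no network calls, so it is safe
# to run before "docker pull".
preflight() {
  local image="$1" envfile="$2" ok=0
  if image_is_digest_pinned "$image"; then
    echo "ok: image is pinned by digest"
  else
    echo "warn: '$image' is referenced by tag only; pin a known-good digest"; ok=1
  fi
  if env_file_is_private "$envfile"; then
    echo "ok: $envfile is private"
  else
    echo "warn: $envfile is missing or readable by others (chmod 600 it)"; ok=1
  fi
  echo "accounts whose passwords will be passed to the container:"
  configured_password_accounts "$envfile" | sed 's/^/  - /' || true
  return "$ok"
}

# Usage: preflight "ghcr.io/thekie/read-no-evil-mcp:0.3" ./.env
```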
If the remote server or network path is untrusted, email content and actions could be exposed or manipulated.
The skill can connect to a remote MCP server over an HTTP URL. Email commands and returned message content depend on that server’s trustworthiness and transport security.
Remote server — An existing server on another machine. You need the URL (e.g. `http://server:8000`).
Prefer localhost for sensitive mail, or use only trusted remote servers with appropriate network protections such as HTTPS, authentication, VPN, or firewall restrictions.
