← Back to Skills Marketplace
1767
Downloads
1
Stars
1
Active Installs
6
Versions
Install in OpenClaw
/install read-no-evil-mcp
Description
Secure email access via read-no-evil-mcp. Protects against prompt injection attacks in emails. Use for reading, sending, deleting, and moving emails.
Usage Guidance
This skill appears to do what it says: it is a thin client that talks to a separate MCP server which handles credentials and prompt-injection scanning. Before installing/starting a local server, consider the following: 1) Trust the Docker image (ghcr.io/thekie/read-no-evil-mcp:0.3) — inspect it or run it in an isolated environment if unsure. 2) When setting up locally you must create a .env file with account passwords; the setup script reads those lines and injects them as container environment variables — keep that file private and delete it after use if desired. 3) The SKILL.md explicitly requires asking the user before auto-starting Docker; ensure the agent follows that. 4) There is some truncated/unfinished code in the provided scripts (e.g., a partial line in setup-config.py in the repository listing); treat this as a quality issue and review scripts before executing them locally. If you are uncomfortable running the included scripts, point the skill at a remote MCP server you control instead or run the setup steps manually.
Capability Analysis
Type: OpenClaw Skill
Name: read-no-evil-mcp
Version: 0.3.1
The OpenClaw skill 'read-no-evil-mcp' is designed to provide secure email access with built-in prompt injection protection. The `SKILL.md` explicitly instructs the AI agent to avoid sensitive actions like displaying configuration details (`setup-config.py show`) without user confirmation, demonstrating a strong awareness of prompt injection risks against the agent itself. The `scripts/setup-server.sh` and `scripts/setup-config.py` handle Docker setup and configuration file management responsibly, including controlled handling of `.env` files for credentials and read-only mounting of config files into Docker containers. There is no evidence of intentional malicious behavior such as data exfiltration, unauthorized persistence, or arbitrary command execution beyond the skill's stated purpose.
Capability Assessment
Purpose & Capability
The name/description (secure email access with prompt-injection protection) match the provided CLI and setup scripts: the CLI talks to an MCP HTTP server, setup scripts can spin up a Docker-hosted MCP server, and credentials are stored for the server (not in the skill). There are no unrelated credential requests or surprising binaries in the repository.
Instruction Scope
SKILL.md is narrowly scoped to connecting to an MCP server, managing config files, and optionally starting a local Docker server. It explicitly instructs the agent to ask the user before auto-creating or auto-starting Docker. The runtime scripts do read/write the user config path (~/.config/read-no-evil-mcp/config.yaml) and expect a .env file for account passwords; those file accesses are consistent with the advertised purpose but are worth noting because they involve local credential files the user must provide.
Install Mechanism
There is no package install spec; the skill provides scripts that are run directly. The only external network action is pulling a Docker image from ghcr.io (ghcr.io/thekie/read-no-evil-mcp:0.3) and a curl-based health check — which is expected for launching a local MCP server. No downloads from untrusted shorteners or personal IPs were observed.
Credentials
The skill declares no required env vars, which is fine, but the code accepts an optional RNOE_SERVER_URL env var and the setup-server.sh reads RNOE_ACCOUNT_*_PASSWORD entries from a .env file. This is proportionate to starting a local server, but the skill does not automatically obtain or require your email credentials — you must provide them in .env for the server. The SKILL.md instructs that credentials remain on the MCP server (not in the agent), which matches the code, but users should be aware that providing a .env file will be read and passed into the Docker container.
Persistence & Privilege
The skill is not 'always' included and does not request elevated or permanent platform privileges. It writes/reads its own config path (~/.config/read-no-evil-mcp) and does not alter other skills or global agent settings. Agent autonomous invocation is allowed (platform default) and appropriate for this kind of CLI.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install read-no-evil-mcp - After installation, invoke the skill by name or use
/read-no-evil-mcp - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.3.1
## Fixed
- CLI argument order: global options (, ) now work in any position, not just before the subcommand (#7)
- command: and are now correctly passed as lists to the MCP server, fixing sends to multiple recipients (#8)
## Added
- command now displays an unread indicator () next to unseen messages (#9) (requires read-no-evil-mcp>=0.3.1)
v0.3.0
## What's New
- **Docker-based server**: Switch from library integration to a Docker-hosted read-no-evil-mcp server accessed via MCP Streamable HTTP protocol
- **Standalone HTTP client**: rnoe-mail.py rewritten as a zero-dependency MCP HTTP client (Python stdlib only)
- **Flag-driven setup scripts**: New setup-config.py and setup-server.sh — fully flag-driven, no interactive prompts, designed for LLM agent invocation
- **SMTP is optional**: Only required when send permission is enabled
- **Docker image pinned to :0.3**: Matches read-no-evil-mcp v0.3 features (sender access rules, attachments, pagination, HTTP transport, configurable sensitivity)
## Upgrade Notes
This is a breaking change from v0.2.0. The skill no longer uses read-no-evil-mcp as a Python library — it connects to a running server over HTTP. See SKILL.md for setup instructions. (requires read-no-evil-mcp>=0.3.0)
v0.2.0
Release (requires read-no-evil-mcp>=0.2.0)
v1.0.2
Initial release
v1.0.1
Initial release
v1.0.0
Initial release: Secure email access with prompt injection protection
Metadata
Frequently Asked Questions
What is read-no-evil-mcp?
Secure email access via read-no-evil-mcp. Protects against prompt injection attacks in emails. Use for reading, sending, deleting, and moving emails. It is an AI Agent Skill for Claude Code / OpenClaw, with 1767 downloads so far.
How do I install read-no-evil-mcp?
Run "/install read-no-evil-mcp" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is read-no-evil-mcp free?
Yes, read-no-evil-mcp is completely free (open-source). You can download, install and use it at no cost.
Which platforms does read-no-evil-mcp support?
read-no-evil-mcp is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created read-no-evil-mcp?
It is built and maintained by thekie (@thekie); the current version is v0.3.1.
More Skills