← 返回 Skills 市场
thekie

read-no-evil-mcp

作者 thekie · GitHub ↗ · v0.3.1
cross-platform ✓ 安全检测通过
1767
总下载
1
收藏
1
当前安装
6
版本数
在 OpenClaw 中安装
/install read-no-evil-mcp
功能描述
Secure email access via read-no-evil-mcp. Protects against prompt injection attacks in emails. Use for reading, sending, deleting, and moving emails.
安全使用建议
This skill appears to do what it says: it is a thin client that talks to a separate MCP server which handles credentials and prompt-injection scanning. Before installing/starting a local server, consider the following: 1) Trust the Docker image (ghcr.io/thekie/read-no-evil-mcp:0.3) — inspect it or run it in an isolated environment if unsure. 2) When setting up locally you must create a .env file with account passwords; the setup script reads those lines and injects them as container environment variables — keep that file private and delete it after use if desired. 3) The SKILL.md explicitly requires asking the user before auto-starting Docker; ensure the agent follows that. 4) There is some truncated/unfinished code in the provided scripts (e.g., a partial line in setup-config.py in the repository listing); treat this as a quality issue and review scripts before executing them locally. If you are uncomfortable running the included scripts, point the skill at a remote MCP server you control instead or run the setup steps manually.
功能分析
Type: OpenClaw Skill Name: read-no-evil-mcp Version: 0.3.1 The OpenClaw skill 'read-no-evil-mcp' is designed to provide secure email access with built-in prompt injection protection. The `SKILL.md` explicitly instructs the AI agent to avoid sensitive actions like displaying configuration details (`setup-config.py show`) without user confirmation, demonstrating a strong awareness of prompt injection risks against the agent itself. The `scripts/setup-server.sh` and `scripts/setup-config.py` handle Docker setup and configuration file management responsibly, including controlled handling of `.env` files for credentials and read-only mounting of config files into Docker containers. There is no evidence of intentional malicious behavior such as data exfiltration, unauthorized persistence, or arbitrary command execution beyond the skill's stated purpose.
能力评估
Purpose & Capability
The name/description (secure email access with prompt-injection protection) match the provided CLI and setup scripts: the CLI talks to an MCP HTTP server, setup scripts can spin up a Docker-hosted MCP server, and credentials are stored for the server (not in the skill). There are no unrelated credential requests or surprising binaries in the repository.
Instruction Scope
SKILL.md is narrowly scoped to connecting to an MCP server, managing config files, and optionally starting a local Docker server. It explicitly instructs the agent to ask the user before auto-creating or auto-starting Docker. The runtime scripts do read/write the user config path (~/.config/read-no-evil-mcp/config.yaml) and expect a .env file for account passwords; those file accesses are consistent with the advertised purpose but are worth noting because they involve local credential files the user must provide.
Install Mechanism
There is no package install spec; the skill provides scripts that are run directly. The only external network action is pulling a Docker image from ghcr.io (ghcr.io/thekie/read-no-evil-mcp:0.3) and a curl-based health check — which is expected for launching a local MCP server. No downloads from untrusted shorteners or personal IPs were observed.
Credentials
The skill declares no required env vars, which is fine, but the code accepts an optional RNOE_SERVER_URL env var and the setup-server.sh reads RNOE_ACCOUNT_*_PASSWORD entries from a .env file. This is proportionate to starting a local server, but the skill does not automatically obtain or require your email credentials — you must provide them in .env for the server. The SKILL.md instructs that credentials remain on the MCP server (not in the agent), which matches the code, but users should be aware that providing a .env file will be read and passed into the Docker container.
Persistence & Privilege
The skill is not 'always' included and does not request elevated or permanent platform privileges. It writes/reads its own config path (~/.config/read-no-evil-mcp) and does not alter other skills or global agent settings. Agent autonomous invocation is allowed (platform default) and appropriate for this kind of CLI.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install read-no-evil-mcp
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /read-no-evil-mcp 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.3.1
## Fixed - CLI argument order: global options (, ) now work in any position, not just before the subcommand (#7) - command: and are now correctly passed as lists to the MCP server, fixing sends to multiple recipients (#8) ## Added - command now displays an unread indicator () next to unseen messages (#9) (requires read-no-evil-mcp>=0.3.1)
v0.3.0
## What's New - **Docker-based server**: Switch from library integration to a Docker-hosted read-no-evil-mcp server accessed via MCP Streamable HTTP protocol - **Standalone HTTP client**: rnoe-mail.py rewritten as a zero-dependency MCP HTTP client (Python stdlib only) - **Flag-driven setup scripts**: New setup-config.py and setup-server.sh — fully flag-driven, no interactive prompts, designed for LLM agent invocation - **SMTP is optional**: Only required when send permission is enabled - **Docker image pinned to :0.3**: Matches read-no-evil-mcp v0.3 features (sender access rules, attachments, pagination, HTTP transport, configurable sensitivity) ## Upgrade Notes This is a breaking change from v0.2.0. The skill no longer uses read-no-evil-mcp as a Python library — it connects to a running server over HTTP. See SKILL.md for setup instructions. (requires read-no-evil-mcp>=0.3.0)
v0.2.0
Release (requires read-no-evil-mcp>=0.2.0)
v1.0.2
Initial release
v1.0.1
Initial release
v1.0.0
Initial release: Secure email access with prompt injection protection
元数据
Slug read-no-evil-mcp
版本 0.3.1
许可证
累计安装 1
当前安装数 1
历史版本数 6
常见问题

read-no-evil-mcp 是什么?

Secure email access via read-no-evil-mcp. Protects against prompt injection attacks in emails. Use for reading, sending, deleting, and moving emails. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1767 次。

如何安装 read-no-evil-mcp?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install read-no-evil-mcp」即可一键安装,无需额外配置。

read-no-evil-mcp 是免费的吗?

是的,read-no-evil-mcp 完全免费(开源免费),可自由下载、安装和使用。

read-no-evil-mcp 支持哪些平台?

read-no-evil-mcp 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 read-no-evil-mcp?

由 thekie(@thekie)开发并维护,当前版本 v0.3.1。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论