read-no-evil-mcp
Secure email access via read-no-evil-mcp. Protects against prompt injection attacks in emails. Use for reading, sending, deleting, and moving emails.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/thekie/read-no-evil-mcpread-no-evil-mcp
Secure email gateway that scans emails for prompt injection attacks before you see them.
Prerequisites
Install the read-no-evil-mcp package (version must match skill version):
pip install read-no-evil-mcp==0.2.0
Configuration
Config File
Create ~/.config/read-no-evil-mcp/config.yaml:
accounts:
- id: "default"
type: "imap"
host: "mail.example.com"
port: 993
username: "[email protected]"
ssl: true
permissions:
read: true
send: false
delete: false
move: false
smtp_host: "mail.example.com"
smtp_port: 587
from_address: "[email protected]"
from_name: "Your Name"
Credentials
Create ~/.config/read-no-evil-mcp/.env:
RNOE_ACCOUNT_DEFAULT_PASSWORD=your-password
Environment variable format: RNOE_ACCOUNT_{ACCOUNT_ID}_PASSWORD (uppercase).
CLI Commands
# List recent emails (last 30 days)
rnoe-mail.py list
# List with options
rnoe-mail.py list --limit 10 --days 7 --account myaccount
# Read email (scanned for prompt injection!)
rnoe-mail.py read <uid>
# Send email (requires send permission)
rnoe-mail.py send --to "[email protected]" --subject "Hello" --body "Message"
# List folders
rnoe-mail.py folders
# Move email to folder
rnoe-mail.py move <uid> --to "Archive"
Prompt Injection Detection
All emails are automatically scanned:
- Safe: Content displayed normally
- Injection detected: Exit code 2, shows score + patterns
Uses ProtectAI's DeBERTa model (local inference, no external APIs).
Permissions
| Permission | Description | Default |
|---|---|---|
read | List and read emails | true |
send | Send emails via SMTP | false |
delete | Delete emails | false |
move | Move emails between folders | false |
Security Notes
- Emails are scanned for prompt injection before content is returned
- ML model runs locally — no data sent to external APIs
- Enable write permissions only when needed
- Consider using app-specific passwords
Metadata
Not sure this is the right skill?
Describe what you want to build — we'll match you to the best skill from 16,000+ options.
Find the right skillPaste this into your clawhub.json to enable this plugin.
{
"plugins": {
"official-thekie-read-no-evil-mcp": {
"enabled": true,
"auto_update": true
}
}
}Related Skills
cookidoo
Access Cookidoo (Thermomix) recipes, shopping lists, and meal planning via the unofficial cookidoo-api Python package. Use for viewing recipes, weekly plans, favorites, and syncing ingredients to shopping lists.
dropbox-lite
Upload, download, and manage files in Dropbox with automatic OAuth token refresh.