{ "schemaVersion": "1.0", "item": { "slug": "read-no-evil-mcp", "name": "read-no-evil-mcp", "source": "tencent", "type": "skill", "category": "开发工具", "sourceUrl": "https://clawhub.ai/thekie/read-no-evil-mcp", "canonicalUrl": "https://clawhub.ai/thekie/read-no-evil-mcp", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/read-no-evil-mcp", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=read-no-evil-mcp", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "CHANGELOG.md", "README.md", "SKILL.md", "scripts/rnoe-mail.py", "scripts/setup-config.py", "scripts/setup-server.sh" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-05-07T17:22:31.273Z", "expiresAt": "2026-05-14T17:22:31.273Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=afrexai-annual-report", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=afrexai-annual-report", "contentDisposition": "attachment; filename=\"afrexai-annual-report-1.0.0.zip\"", "redirectLocation": null, "bodySnippet": null }, "scope": "source", "summary": "Source download looks usable.", "detail": "Yavira can redirect you to the upstream package for this source.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/read-no-evil-mcp" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/read-no-evil-mcp", "agentPageUrl": "https://openagent3.xyz/skills/read-no-evil-mcp/agent", "manifestUrl": "https://openagent3.xyz/skills/read-no-evil-mcp/agent.json", "briefUrl": "https://openagent3.xyz/skills/read-no-evil-mcp/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "read-no-evil-mcp", "body": "Secure email gateway that scans emails for prompt injection attacks before you see them.\n\nThis skill is a zero-dependency HTTP client that talks to a read-no-evil-mcp server. Credentials and email servers are managed entirely by the MCP server — this skill never has direct access to them." }, { "title": "Prerequisites", "body": "A running read-no-evil-mcp server with HTTP transport enabled. Three connection modes:\n\nRemote server — An existing server on another machine. You need the URL (e.g. http://server:8000).\nLocal server — An existing server on localhost. Uses default http://localhost:8000.\nNew Docker setup — Use scripts/setup-server.sh to pull the official Docker image and start a container.\n\nNo pip install is required. The script uses only Python stdlib." }, { "title": "Setup Flow (AI Agent Instructions)", "body": "Before first use, always ask the user how they want to connect:\n\nHow would you like to connect to the read-no-evil-mcp server?\n\nConnect to an existing remote server (you'll provide the URL)\nConnect to an existing local server (localhost:8000)\nSet up a new local server via Docker\n\nFor option 1: Ask for the server URL, then use --server URL with all commands.\nFor option 2: No extra configuration needed, commands use the default URL.\nFor option 3: Follow the Docker setup steps below.\n\nNever auto-setup Docker without explicit user confirmation." }, { "title": "Docker Setup Steps", "body": "Check if a config exists: setup-config.py list\nIf no config, create one and add an account:\nsetup-config.py create\nsetup-config.py add --email user@example.com --host imap.example.com --create-env\n\n\nAsk the user to fill in the password in the .env file.\nStart the server:\nscripts/setup-server.sh --config ~/.config/read-no-evil-mcp/config.yaml \\\n --env-file ~/.config/read-no-evil-mcp/.env" }, { "title": "Config Management (AI Agent Instructions)", "body": "Use scripts/setup-config.py to manage the server config file. All commands are flag-driven with no interactive prompts.\n\nScenarioCommandCreate config skeletonsetup-config.py create [--threshold 0.5] [--force]Add a read-only accountsetup-config.py add --email user@example.com --host imap.example.com [--id myaccount] [--create-env]Add a send-enabled accountsetup-config.py add --email user@example.com --host imap.example.com --smtp-host smtp.example.com --send [--delete] [--move] [--create-env]Check what accounts are configuredsetup-config.py listRemove an accountsetup-config.py remove \n\nDo NOT run setup-config.py show — it displays config details the user may not intend to share with the agent. If debugging is needed, tell the user to run it themselves.\n\nDo NOT run setup-config.py create --force if config already exists without asking the user first." }, { "title": "Config Commands", "body": "Manage the server config file (~/.config/read-no-evil-mcp/config.yaml). No pip install required — stdlib only.\n\n# Create a new config skeleton\nsetup-config.py create\nsetup-config.py create --threshold 0.3 --force\n\n# Add a read-only account (no SMTP needed)\nsetup-config.py add --email user@example.com --host imap.example.com --create-env\n\n# Add an account with send permission (--smtp-host required for --send)\nsetup-config.py add --email user@example.com --id myaccount \\\n --host imap.example.com --smtp-host smtp.example.com --send --delete --move\n\n# Remove an account\nsetup-config.py remove \n\n# List configured accounts\nsetup-config.py list\n\n# Show full config file\nsetup-config.py show\n\n# Use a custom config path\nsetup-config.py --config /path/to/config.yaml create" }, { "title": "Server Setup", "body": "# Start a Docker container (all flags required, no prompts)\nscripts/setup-server.sh --config ~/.config/read-no-evil-mcp/config.yaml \\\n --env-file ~/.config/read-no-evil-mcp/.env\n\n# Custom port and container name\nscripts/setup-server.sh --config /path/to/config.yaml \\\n --env-file /path/to/.env --port 9000 --name my-rnoe" }, { "title": "CLI Commands", "body": "Global options (--server, --account, --folder) can appear before or after the command. Server URL can also be set via RNOE_SERVER_URL env var.\n\n# List configured accounts\nrnoe-mail.py accounts\n\n# List recent emails (last 30 days)\n# Output: [UID] ● DATE | SENDER | SUBJECT (● = unread)\nrnoe-mail.py list\nrnoe-mail.py list --account myaccount --limit 10 --days 7\n\n# Read email (scanned for prompt injection!)\nrnoe-mail.py read \nrnoe-mail.py --account myaccount read \n\n# Send email\nrnoe-mail.py send --to \"user@example.com\" --subject \"Hello\" --body \"Message\"\nrnoe-mail.py send --to \"user1@example.com, user2@example.com\" --cc \"cc@example.com\" --subject \"Hello\" --body \"Message\"\n\n# List folders\nrnoe-mail.py folders --account myaccount\n\n# Move email to folder\nrnoe-mail.py move --to \"Archive\"\n\n# Delete email\nrnoe-mail.py delete \n\n# Global options can go before or after the command\nrnoe-mail.py --server http://myserver:8000 list\nrnoe-mail.py list --server http://myserver:8000" }, { "title": "Common Options", "body": "OptionDescriptionDefault--server URLMCP server URLhttp://localhost:8000--account ID / -aAccount IDdefault--folder NAME / -fEmail folderINBOX" }, { "title": "Prompt Injection Detection", "body": "All emails are automatically scanned by the MCP server:\n\nSafe: Content displayed normally\nInjection detected: Exit code 2, warning on stderr" }, { "title": "Exit Codes", "body": "0 — success\n1 — general error (connection failed, invalid account, etc.)\n2 — prompt injection detected" }, { "title": "Security Notes", "body": "Credentials are managed by the MCP server, never by this skill or the AI agent\nThe skill communicates with the server over HTTP — use HTTPS for non-localhost connections\nPrompt injection scanning happens server-side using ML models" } ], "body": "read-no-evil-mcp\n\nSecure email gateway that scans emails for prompt injection attacks before you see them.\n\nThis skill is a zero-dependency HTTP client that talks to a read-no-evil-mcp server. Credentials and email servers are managed entirely by the MCP server — this skill never has direct access to them.\n\nPrerequisites\n\nA running read-no-evil-mcp server with HTTP transport enabled. Three connection modes:\n\nRemote server — An existing server on another machine. You need the URL (e.g. http://server:8000).\nLocal server — An existing server on localhost. Uses default http://localhost:8000.\nNew Docker setup — Use scripts/setup-server.sh to pull the official Docker image and start a container.\n\nNo pip install is required. The script uses only Python stdlib.\n\nSetup Flow (AI Agent Instructions)\n\nBefore first use, always ask the user how they want to connect:\n\nHow would you like to connect to the read-no-evil-mcp server?\n\nConnect to an existing remote server (you'll provide the URL)\nConnect to an existing local server (localhost:8000)\nSet up a new local server via Docker\nFor option 1: Ask for the server URL, then use --server URL with all commands.\nFor option 2: No extra configuration needed, commands use the default URL.\nFor option 3: Follow the Docker setup steps below.\n\nNever auto-setup Docker without explicit user confirmation.\n\nDocker Setup Steps\nCheck if a config exists: setup-config.py list\nIf no config, create one and add an account:\nsetup-config.py create\nsetup-config.py add --email user@example.com --host imap.example.com --create-env\n\nAsk the user to fill in the password in the .env file.\nStart the server:\nscripts/setup-server.sh --config ~/.config/read-no-evil-mcp/config.yaml \\\n --env-file ~/.config/read-no-evil-mcp/.env\n\nConfig Management (AI Agent Instructions)\n\nUse scripts/setup-config.py to manage the server config file. All commands are flag-driven with no interactive prompts.\n\nScenario\tCommand\nCreate config skeleton\tsetup-config.py create [--threshold 0.5] [--force]\nAdd a read-only account\tsetup-config.py add --email user@example.com --host imap.example.com [--id myaccount] [--create-env]\nAdd a send-enabled account\tsetup-config.py add --email user@example.com --host imap.example.com --smtp-host smtp.example.com --send [--delete] [--move] [--create-env]\nCheck what accounts are configured\tsetup-config.py list\nRemove an account\tsetup-config.py remove \n\nDo NOT run setup-config.py show — it displays config details the user may not intend to share with the agent. If debugging is needed, tell the user to run it themselves.\n\nDo NOT run setup-config.py create --force if config already exists without asking the user first.\n\nConfig Commands\n\nManage the server config file (~/.config/read-no-evil-mcp/config.yaml). No pip install required — stdlib only.\n\n# Create a new config skeleton\nsetup-config.py create\nsetup-config.py create --threshold 0.3 --force\n\n# Add a read-only account (no SMTP needed)\nsetup-config.py add --email user@example.com --host imap.example.com --create-env\n\n# Add an account with send permission (--smtp-host required for --send)\nsetup-config.py add --email user@example.com --id myaccount \\\n --host imap.example.com --smtp-host smtp.example.com --send --delete --move\n\n# Remove an account\nsetup-config.py remove \n\n# List configured accounts\nsetup-config.py list\n\n# Show full config file\nsetup-config.py show\n\n# Use a custom config path\nsetup-config.py --config /path/to/config.yaml create\n\nServer Setup\n# Start a Docker container (all flags required, no prompts)\nscripts/setup-server.sh --config ~/.config/read-no-evil-mcp/config.yaml \\\n --env-file ~/.config/read-no-evil-mcp/.env\n\n# Custom port and container name\nscripts/setup-server.sh --config /path/to/config.yaml \\\n --env-file /path/to/.env --port 9000 --name my-rnoe\n\nCLI Commands\n\nGlobal options (--server, --account, --folder) can appear before or after the command. Server URL can also be set via RNOE_SERVER_URL env var.\n\n# List configured accounts\nrnoe-mail.py accounts\n\n# List recent emails (last 30 days)\n# Output: [UID] ● DATE | SENDER | SUBJECT (● = unread)\nrnoe-mail.py list\nrnoe-mail.py list --account myaccount --limit 10 --days 7\n\n# Read email (scanned for prompt injection!)\nrnoe-mail.py read \nrnoe-mail.py --account myaccount read \n\n# Send email\nrnoe-mail.py send --to \"user@example.com\" --subject \"Hello\" --body \"Message\"\nrnoe-mail.py send --to \"user1@example.com, user2@example.com\" --cc \"cc@example.com\" --subject \"Hello\" --body \"Message\"\n\n# List folders\nrnoe-mail.py folders --account myaccount\n\n# Move email to folder\nrnoe-mail.py move --to \"Archive\"\n\n# Delete email\nrnoe-mail.py delete \n\n# Global options can go before or after the command\nrnoe-mail.py --server http://myserver:8000 list\nrnoe-mail.py list --server http://myserver:8000\n\nCommon Options\nOption\tDescription\tDefault\n--server URL\tMCP server URL\thttp://localhost:8000\n--account ID / -a\tAccount ID\tdefault\n--folder NAME / -f\tEmail folder\tINBOX\nPrompt Injection Detection\n\nAll emails are automatically scanned by the MCP server:\n\nSafe: Content displayed normally\nInjection detected: Exit code 2, warning on stderr\nExit Codes\n0 — success\n1 — general error (connection failed, invalid account, etc.)\n2 — prompt injection detected\nSecurity Notes\nCredentials are managed by the MCP server, never by this skill or the AI agent\nThe skill communicates with the server over HTTP — use HTTPS for non-localhost connections\nPrompt injection scanning happens server-side using ML models" }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/thekie/read-no-evil-mcp", "publisherUrl": "https://clawhub.ai/thekie/read-no-evil-mcp", "owner": "thekie", "version": "0.3.1", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/read-no-evil-mcp", "downloadUrl": "https://openagent3.xyz/downloads/read-no-evil-mcp", "agentUrl": "https://openagent3.xyz/skills/read-no-evil-mcp/agent", "manifestUrl": "https://openagent3.xyz/skills/read-no-evil-mcp/agent.json", "briefUrl": "https://openagent3.xyz/skills/read-no-evil-mcp/agent.md" } }