read-no-evil-mcp
Secure email gateway that scans emails for prompt injection attacks before you see them.
Prerequisites
Install the read-no-evil-mcp package (version must match skill version):
bash
pip install read-no-evil-mcp==0.2.0
Configuration
Config File
Create ~/.config/read-no-evil-mcp/config.yaml:
yaml
accounts:
- id: "default"
type: "imap"
host: "mail.example.com"
port: 993
username: "you@example.com"
ssl: true
permissions:
read: true
send: false
delete: false
move: false
smtp_host: "mail.example.com"
smtp_port: 587
from_address: "you@example.com"
from_name: "Your Name"
Credentials
Create ~/.config/read-no-evil-mcp/.env:
bash
RNOE_ACCOUNT_DEFAULT_PASSWORD=your-password
Environment variable format: RNOE_ACCOUNT_{ACCOUNT_ID}_PASSWORD (uppercase).
CLI Commands
bash
# List recent emails (last 30 days) rnoe-mail.py list # List with options rnoe-mail.py list --limit 10 --days 7 --account myaccount # Read email (scanned for prompt injection!) rnoe-mail.py read <uid> # Send email (requires send permission) rnoe-mail.py send --to "user@example.com" --subject "Hello" --body "Message" # List folders rnoe-mail.py folders # Move email to folder rnoe-mail.py move <uid> --to "Archive"
Prompt Injection Detection
All emails are automatically scanned:
- •Safe: Content displayed normally
- •Injection detected: Exit code 2, shows score + patterns
Uses ProtectAI's DeBERTa model (local inference, no external APIs).
Permissions
| Permission | Description | Default |
|---|---|---|
read | List and read emails | true |
send | Send emails via SMTP | false |
delete | Delete emails | false |
move | Move emails between folders | false |
Security Notes
- •Emails are scanned for prompt injection before content is returned
- •ML model runs locally — no data sent to external APIs
- •Enable write permissions only when needed
- •Consider using app-specific passwords