mcp_email

The application itself implements good security practices, such as recommending App Passwords (not main passwords) for email providers and using AES-256 encryption for storing credentials in Docker volumes. Attachment downloads use temporary, single-use tokens. However, the provided deployment documentation and scripts contain hardcoded SSH passwords, which is a critical security vulnerability for the deployment process itself. Additionally, the README explicitly states 'CORS: Включен для всех источников' (CORS: Enabled for all sources), which can be a significant risk if not adequately mitigated by a robust reverse proxy (like Nginx with strict origin validation). The Python wrapper communicates with an underlying Node.js IMAP server via STDIO, which is generally secure for inter-process communication.