mcporter
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill facilitates arbitrary shell command execution through the 'mcporter call --stdio' flag. Evidence: The documentation explicitly shows examples like 'mcporter call --stdio "bun run ./server.ts"', which allows the agent to execute any script or binary on the host system.
- [PROMPT_INJECTION] (HIGH): The skill exhibits a high-risk surface for indirect prompt injection (Category 8) because it ingests untrusted data from external MCP servers and provides the agent with high-privilege capabilities. 1. Ingestion points: Tool outputs and schemas from 'mcporter call ' or '<server.tool>'. 2. Boundary markers: Absent. 3. Capability inventory: Subprocess execution, network operations, and config modification. 4. Sanitization: No sanitization or validation of server-provided tool results is mentioned.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill metadata specifies the installation of the 'mcporter' package via Node (npm), creating a dependency on an external third-party binary.
- [CREDENTIALS_UNSAFE] (MEDIUM): The skill manages authentication tokens and local configuration files ('./config/mcporter.json') through 'mcporter auth' and 'mcporter config' commands, which could be exploited to expose or modify sensitive credentials.
Recommendations
- AI detected serious security threats
Audit Metadata