mcporter

[Skill Scanner] Natural language instruction to download and install from URL detected This file is documentation/metadata for the mcporter CLI and does not contain implementation code. The described capabilities (network calls, OAuth, config file access, stdio subprocess invocation) are consistent with the stated purpose but are powerful and, if the mcporter binary were malicious or compromised, could be abused to exfiltrate credentials or sensitive data. There are no direct indicators of malicious intent in this fragment. Final assessment: behaviorally capable of significant impact (by design), but no evidence of malicious code in the provided documentation. LLM verification: This SKILL.md is documentation for a legitimate-looking CLI (mcporter) that intentionally accepts arbitrary URLs and can spawn stdio processes. There is no explicit malicious code or obfuscation in the provided fragment. However, the feature set (calling arbitrary endpoints, running --stdio commands, and storing auth tokens in a local config file) is high-risk if implemented or used carelessly: it can enable credential exposure or data exfiltration. Without the implementation code, I cannot conc