mcporter
Fail
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (HIGH): The
--stdioflag in themcporter callcommand allows the agent to execute arbitrary shell commands provided as a string (e.g.,bun run ./server.ts). This is a powerful primitive that can be abused to execute malicious code if the agent is manipulated. - EXTERNAL_DOWNLOADS (MEDIUM): The skill requires users to install the
mcporterbinary from npm (npm install -g mcporter). The author and package are not from a trusted organization list, posing a supply chain risk. - DATA_EXFILTRATION (MEDIUM): The skill supports making requests to arbitrary URLs (
mcporter call <url>) and connecting to a third-party cloud service (mcporter config login), which can be used to exfiltrate sensitive information or local configuration data. - PROMPT_INJECTION (LOW): The skill is highly susceptible to Indirect Prompt Injection (Category 8). It ingests untrusted data from external MCP servers (schemas and tool outputs) and possesses high-privilege capabilities like shell command execution. Evidence: 1. Ingestion points: MCP tool outputs and server schemas. 2. Boundary markers: Absent. 3. Capability inventory:
mcporter call --stdio(command execution),mcporter config import(file read). 4. Sanitization: Absent.
Recommendations
- AI detected serious security threats
Audit Metadata