mcporter

Warn

Audited by Socket on Mar 13, 2026

1 alert found:

Anomaly (LOW)
SKILL.md

SUSPICIOUS. The skill is purpose-aligned and the referenced MCPorter distribution paths are plausibly official, so this is not confirmed malware. However, it is a broad gateway skill: it can discover local MCP configs, authenticate to arbitrary configured servers, and invoke any exposed MCP tool, while `Bash(npx:*)` and unpinned `npx mcporter` increase supply-chain and scope risk. Main concern is overbroad capability and data flow to third-party MCP endpoints, not deceptive install provenance.

Confidence: 83%
Severity: 61%

Audit Metadata

Analyzed At: Mar 13, 2026, 07:28 AM
Package URL: pkg:socket/skills-sh/chandima%2Fopencode-config%2Fmcporter%2F@945f9d5b6929e4ddf415be958909badf9c785b94