MC Porter
Warn
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill facilitates the execution of arbitrary local commands and subprocesses through the
mcporter call --stdioflag. This allows the agent to run local scripts (e.g., 'bun run ./server.ts') as part of the MCP tool invocation process. - [EXTERNAL_DOWNLOADS]: The skill's metadata specifies the installation of the 'mcporter' package from the Node.js (NPM) registry to provide its core functionality.
- [REMOTE_CODE_EXECUTION]: By design, the tool allows calling remote MCP servers via URLs, which involves fetching and interacting with external logic at runtime.
- [DATA_EXFILTRATION]: The skill supports making network requests to arbitrary external endpoints ('https://api.example.com/mcp.fetch') and managing authentication tokens via 'mcporter auth', which could be leveraged to send data to external services.
Audit Metadata