MC Porter

Fail

Audited by Socket on Feb 28, 2026

1 alert found:

Malware (HIGH)
SKILL.md

This manifest/documentation describes a legitimate-seeming CLI tool (mcporter) whose primary functions (calling MCP servers, config, OAuth, daemon, codegen) align with its stated purpose. The main security concerns arise from powerful runtime capabilities: executing arbitrary stdio commands, accepting arbitrary URLs for remote calls, and storing OAuth credentials in a local JSON config. Those capabilities are plausible for the tool's purpose but create moderate risk if the binary is untrusted, if an automated agent is granted these abilities without strict limits, or if config files are exposed. No direct evidence of obfuscated or malicious code is present in the provided text, but the described features merit caution: review the actual mcporter binary source, ensure installs come from a trusted registry and pinned version, protect config tokens, and avoid granting automation privileges that would let the tool execute user-controlled commands or send stored credentials to arbitrary endpoints.

Confidence: 95%
Severity: 90%

Audit Metadata

Analyzed At: Feb 28, 2026, 05:59 PM
Package URL: pkg:socket/skills-sh/jiulingyun%2Fopenclaw-cn%2Fmc-porter%2F@e408ff98c3c586e926ee7fffc577d75826ddb54b