mcporter
Warn
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION]: The mcporter CLI includes a --stdio flag that allows the agent to execute arbitrary local commands or scripts (e.g., bun run ./server.ts) to interface with MCP servers.
- [EXTERNAL_DOWNLOADS]: The skill configuration specifies the installation of the mcporter package from the public Node.js (NPM) registry during the setup phase.
- [CREDENTIALS_UNSAFE]: The tool manages sensitive data such as authentication tokens and user sessions through the mcporter auth and mcporter config login commands.
- [DATA_EXFILTRATION]: The mcporter call command supports interacting with remote tools via full URLs, enabling the potential transmission of data to external and non-whitelisted domains.
Audit Metadata