Skills
skills/nkchivas/openclaw-skill-mcporter/mcporter/Snyk

mcporter

Warn

Audited by Snyk on Mar 3, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly shows mcporter calling arbitrary HTTP endpoints and running stdio-backed servers (e.g., "mcporter call https://api.example.com/mcp.fetch url:https://example.com" and "mcporter call --stdio 'bun run ./server.ts' scrape url=https://example.com"), which requires ingesting untrusted public web content that could influence subsequent tool calls or decisions.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 3, 2026, 07:30 AM