
mcporter

Fail

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: HIGH
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The skill documentation explicitly features mcporter call --stdio "<command>". This functionality allows for the execution of arbitrary shell commands (e.g., bun run ./server.ts) to start MCP servers. If an attacker influences the command string passed to this parameter, it results in arbitrary command execution on the host system.
  • [REMOTE_CODE_EXECUTION] (MEDIUM): The mcporter call <url> feature allows the agent to send requests and interact with arbitrary remote HTTP endpoints. This creates a surface for Server-Side Request Forgery (SSRF) and data exfiltration if directed toward internal or sensitive resources.
  • [EXTERNAL_DOWNLOADS] (LOW): The skill's metadata specifies the installation of the mcporter package from the Node.js registry. While a standard installation method, it introduces a third-party dependency not included in the trusted organizations list.
  • [CREDENTIALS_UNSAFE] (MEDIUM): The presence of mcporter auth and mcporter config commands indicates that the tool manages sensitive authentication tokens and configuration data. Malicious instructions could potentially leverage these commands to expose or modify credentials.
  • [PERSISTENCE_MECHANISMS] (MEDIUM): The mcporter daemon start|stop commands enable the creation and management of background processes, which can be used to establish persistence on the system.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill processes data from external MCP servers via network or stdio calls.
      • Ingestion points: mcporter call <server.tool> and mcporter call <url>.
      • Boundary markers: None specified in the documentation.
      • Capability inventory: Arbitrary command execution (--stdio), network requests (<url>), and config modification (config add).
      • Sanitization: No evidence of input sanitization or validation of the responses received from remote servers.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 21, 2026, 05:41 PM