mcporter
Audited by Socket on Feb 21, 2026
1 alert found:
Malware
[Skill Scanner] Natural language instruction to download and install from URL detected
Based solely on this documentation fragment, there is no evidence of malicious code or explicit supply-chain attack patterns. The fragment is a legitimate-looking skill/README describing a CLI that would normally access local config files and make network calls. Because no implementation is included, verify the mcporter binary/package source before installation to ensure it doesn't route credentials through untrusted intermediaries or perform unexpected downloads/executions.
LLM verification: The skill's stated purpose (interact with MCP servers via a CLI) aligns with its capabilities. There is no definite malicious code in the provided text, but the skill exposes moderately high-risk primitives: calling arbitrary URLs, executing local commands and using their stdio, and storing OAuth tokens in a local config. These features are plausible for the tool's function but increase the likelihood of accidental credential or data exfiltration, especially if the mcporter binary or its install