Skills
skills/qverisai/qverisbot/mcporter/Gen Agent Trust Hub

mcporter

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs the mcporter package from the official Node.js package registry (npm) during the setup process.
  • [COMMAND_EXECUTION]: The skill facilitates the execution of local shell commands using the --stdio flag, which is designed to launch and communicate with local MCP servers (e.g., bun run ./server.ts).
  • [CREDENTIALS_UNSAFE]: The skill provides an interface for managing authentication and configuration via mcporter auth and mcporter config commands, which handle server access tokens and credentials.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it processes tool outputs and schemas from external MCP servers.
  • Ingestion points: Data enters the context through mcporter call responses from remote or local servers.
  • Boundary markers: No specific delimiters or safety instructions are applied to tool outputs in the provided documentation.
  • Capability inventory: Includes command execution, network requests, and code generation (generate-cli).
  • Sanitization: No explicit sanitization of tool output is documented.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 6, 2026, 01:23 AM