Skills
skills/steipete/clawdis/mcporter/Snyk

mcporter

Warn

Audited by Snyk on Feb 15, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). Yes — the CLI explicitly supports calling arbitrary URLs and running stdio scrapers (e.g., "mcporter call https://api.example.com/mcp.fetch url:https://example.com" and "mcporter call --stdio 'bun run ./server.ts' scrape url=https://example.com"), which ingests untrusted public/web or user-provided content that could carry indirect prompt injection.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 15, 2026, 08:19 PM