mcporter

Pass

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the mcporter call --stdio command to run local shell commands or scripts, which is required for interacting with stdio-based MCP servers.
  • [EXTERNAL_DOWNLOADS]: The skill metadata specifies the installation of the mcporter package from the Node.js package registry (npm).
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface through the ingestion of output from external MCP servers.
      • Ingestion points: Data enters the context via the output of tool calls made using mcporter call.
      • Boundary markers: There are no explicit delimiters or instructions defined to isolate tool output from the agent's core instructions.
      • Capability inventory: The agent can perform network requests, execute local shell commands, and read or modify configuration files (e.g., ./config/mcporter.json).
      • Sanitization: No sanitization or verification of the external tool output is specified.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 30, 2026, 12:15 AM