Mcporter Railway Query

Pass. Audited by ClawScan on May 1, 2026.

Overview

This appears to be a read-only train ticket query helper, with the main caveat that it depends on a trusted local mcporter/MCP setup.

Before installing, make sure you trust the mcporter CLI package and the local 12306 MCP server configured in ~/.mcporter/mcporter.json. The provided scripts appear limited to read-only ticket and station-code queries.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Using the skill will run mcporter locally and send the requested route/date details through the configured 12306 MCP setup.

Why it was flagged

The helper script runs a local CLI tool using user-provided query parameters and a config path. This is central to the skill's purpose and the arguments are quoted, but it is still local tool execution.

Skill content
mcporter call 12306.get-tickets \
  date="$DATE" \
  fromStation="$FROM_STATION" \
  toStation="$TO_STATION" \
  sortFlag="startTime" \
  format="text" \
  --config "$CONFIG_FILE"

Recommendation

Use the scripts only with intended station/date values and keep the mcporter configuration pointed at a trusted service.

What this means

A compromised or unexpected mcporter installation could affect what commands run or what data is sent.

Why it was flagged

The skill requires an external globally installed CLI, but the artifacts do not pin a version or provide an install spec for that dependency. This is purpose-aligned, but users must trust the installed package.

Skill content
### mcporter not found
```bash
npm install -g mcporter
```

Recommendation

Install mcporter only from a trusted source, consider pinning/reviewing the version, and verify it before using the skill.

What this means

Your ticket search details and returned results depend on the local MCP server you configure; an untrusted server could observe queries or provide misleading results.

Why it was flagged

The documented setup communicates with a local MCP/SSE server. This is disclosed and expected, but it creates a trust boundary between the skill, mcporter, and the local MCP server.

Skill content
"type": "sse",
"url": "http://127.0.0.1:8080/sse"

Recommendation

Use only a trusted 12306 MCP server and review ~/.mcporter/mcporter.json before running queries.