v1.1.0

Mcporter Railway Query

Benign. ClawScan verdict for this skill. Analyzed May 1, 2026, 5:37 AM.

Analysis

This appears to be a read-only train ticket query helper, with the main caveat that it depends on a trusted local mcporter/MCP setup.

Guidance: Before installing, make sure you trust the mcporter CLI package and the local 12306 MCP server configured in ~/.mcporter/mcporter.json. The provided scripts appear limited to read-only ticket and station-code queries.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Low | Confidence: High | Status: Note
scripts/query-tickets.sh
```bash
mcporter call 12306.get-tickets \
  date="$DATE" \
  fromStation="$FROM_STATION" \
  toStation="$TO_STATION" \
  sortFlag="startTime" \
  format="text" \
  --config "$CONFIG_FILE"
```

The helper script runs a local CLI tool using user-provided query parameters and a config path. This is central to the skill's purpose and the arguments are quoted, but it is still local tool execution.

User impact: Using the skill will run mcporter locally and send the requested route/date details through the configured 12306 MCP setup.
Recommendation: Use the scripts only with intended station/date values and keep the mcporter configuration pointed at a trusted service.
Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
SKILL.md
### mcporter not found
```bash
npm install -g mcporter
```

The skill requires an external globally installed CLI, but the artifacts do not pin a version or provide an install spec for that dependency. This is purpose-aligned, but users must trust the installed package.

User impact: A compromised or unexpected mcporter installation could affect what commands run or what data is sent.
Recommendation: Install mcporter only from a trusted source, consider pinning/reviewing the version, and verify it before using the skill.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Low | Confidence: High | Status: Note
README.md
```json
"type": "sse",
"url": "http://127.0.0.1:8080/sse"
```

The documented setup communicates with a local MCP/SSE server. This is disclosed and expected, but it creates a trust boundary between the skill, mcporter, and the local MCP server.

User impact: Your ticket search details and returned results depend on the local MCP server you configure; an untrusted server could observe queries or provide misleading results.
Recommendation: Use only a trusted 12306 MCP server and review ~/.mcporter/mcporter.json before running queries.