mcporter
ReviewAudited by ClawScan on May 1, 2026.
Overview
This instruction-only skill is coherent for using the mcporter CLI, but users should notice that it can call MCP tools, authenticate to servers, and rely on an external CLI install.
This skill appears benign and consistent with its description. Before installing or using it, make sure the mcporter CLI comes from the intended source, connect only to trusted MCP servers, and review any command that authenticates, edits configuration, or calls a tool that could affect your data or accounts.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used against a powerful MCP server, a tool call could read, change, or trigger actions in connected systems.
The skill intentionally exposes direct CLI execution for invoking MCP tools. This is aligned with the skill purpose, but MCP tools can have effects beyond simple read-only operations depending on the configured server.
mcporter call <server-name> <tool-name> [arguments...] ... Use `exec` tool to run mcporter commands
Use this only with trusted MCP servers, review the exact server, tool name, and arguments before running, and avoid destructive or account-changing tool calls unless clearly intended.
Authenticated MCP servers may be able to access or change data according to the permissions granted to those credentials.
The skill includes authentication management for MCP servers. This is expected for its stated purpose, but it means mcporter may use account-level credentials or tokens for configured services.
### Authentication ```bash mcporter auth --help ```
Authenticate only to trusted servers, prefer least-privilege credentials, and review mcporter's stored authentication/configuration before granting broad access.
The behavior and security of the skill ultimately depend on the installed mcporter binary and its distribution source.
The skill depends on an external CLI installed from a Homebrew tap. That dependency is disclosed and central to the purpose, but the runnable CLI code is not included in this instruction-only skill.
`mcporter` CLI installed (via Homebrew: `brew install pdxfinder/tap/mcporter`)
Install mcporter from the intended upstream source, keep it updated, and review the Homebrew formula or project page if supply-chain provenance matters for your environment.
Arguments or data sent to an MCP server may be handled by that server, and untrusted servers could return misleading or unsafe tool outputs.
The skill is designed to interact with MCP servers over HTTP or stdio, including ad-hoc servers. This is purpose-aligned, but users should treat server identity and trust boundaries as important.
mcporter supports both HTTP and stdio MCP servers - Ad-hoc server creation is supported
Connect only to MCP servers you trust, avoid sending sensitive data to unknown servers, and verify ad-hoc server configurations before use.