Mcporter 1.0.0
v1.0.0
Use the mcporter CLI to list, configure, auth, and call MCP servers/tools directly (HTTP or stdio), including ad-hoc servers, config edits, and CLI/type gene...
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description describe a CLI for interacting with MCP servers; the skill declares the mcporter binary and provides a node/npm install for a mcporter package — these are appropriate and expected.
Instruction Scope
SKILL.md contains examples and usage for mcporter (list, call, auth, config, daemon, codegen). It references a default config path (./config/mcporter.json) and examples that run subprocesses via stdio (e.g., 'bun run ./server.ts'). These are consistent with a CLI that can call local programs and store config, but they mean the tool can read/write that config file and can execute local commands when you use the --stdio option. The instructions do not tell the agent to read unrelated system files or exfiltrate data.
Install Mechanism
Install spec is a node/npm package 'mcporter' producing a 'mcporter' binary — a standard and expected install mechanism for a Node CLI. This is moderate-risk by nature (npm packages execute install scripts) but proportionate to the stated purpose.
Credentials
The skill declares no required environment variables or credentials. SKILL.md mentions performing OAuth and storing config (e.g., mcporter auth), which is expected for a client CLI; the skill does not request unrelated secrets or excessive environment access.
Persistence & Privilege
The skill is not marked 'always' and uses the normal autonomous-invocation default. It may read/write its own config file (./config/mcporter.json) during normal operation, which is expected. It does not request elevated system-wide privileges or modify other skills' configs.
Assessment
This skill appears to be a straightforward wrapper for the mcporter CLI. Before installing: (1) verify the npm package 'mcporter' and its publisher on the npm registry (check maintainers, recent versions, and package contents), (2) be aware that authentication (OAuth) will typically store credentials in the tool's config file (default ./config/mcporter.json) so check that file's permissions, and (3) avoid running untrusted commands with the --stdio mode (e.g., don't point it at unknown scripts or remote code). Also note the homepage is HTTP (not HTTPS) and the metadata ownerId in _meta.json differs from the registry owner shown—these are minor inconsistencies worth double-checking with the package source/registry before trusting it.
Like a lobster shell, security has layers — review code before you run it.
Runtime requirements
📦 Clawdis
Bins: mcporter
Install
Install mcporter (node)
Bins: mcporter
npm i -g mcporter
latest
mcporter
Use mcporter to work with MCP servers directly.
Quick start
- mcporter list
- mcporter list <server> --schema
- mcporter call <server.tool> key=value
Call tools
- Selector: mcporter call linear.list_issues team=ENG limit:5
- Function syntax: mcporter call "linear.create_issue(title: \"Bug\")"
- Full URL: mcporter call https://api.example.com/mcp.fetch url:https://example.com
- Stdio: mcporter call --stdio "bun run ./server.ts" scrape url=https://example.com
- JSON payload: mcporter call <server.tool> --args '{"limit":5}'
Auth + config
- OAuth: mcporter auth <server | url> [--reset]
- Config: mcporter config list|get|add|remove|import|login|logout
Daemon
mcporter daemon start|status|stop|restart
Codegen
- CLI: mcporter generate-cli --server <name> or --command <url>
- Inspect: mcporter inspect-cli <path> [--json]
- TS: mcporter emit-ts <server> --mode client|types
Notes
- Config default: ./config/mcporter.json (override with --config).
- Prefer --output json for machine-readable results.
