Mcporter 1.0.0

Security checks across malware telemetry and agentic risk

Overview

This skill is transparently an MCP CLI wrapper, but it gives an agent broad power to call remote tools, authenticate, edit config, run stdio commands, and start a daemon without clear guardrails.

Install only if you intentionally want the agent to operate mcporter. Use it with trusted MCP servers and accounts, review any auth, config, daemon, write-tool, arbitrary URL, or stdio command before running it, and avoid sending secrets or private data to untrusted endpoints.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill explicitly documents capabilities for arbitrary network access, OAuth/auth flows, configuration modification, and stdio-based command execution, but provides no warning or guardrails about data exfiltration, credential handling, or local code execution risk. In an agent skill context, these are sensitive actions because they can cause external data transmission, alter persistent configuration, or invoke local programs if used without clear user consent and safety guidance.

VirusTotal

64/64 vendors flagged this skill as clean.
