Mcporter

Security checks across malware telemetry and agentic risk

Overview

This skill is a thin guide for using the mcporter CLI, and its broad network, auth, config, daemon, codegen, and stdio examples are disclosed and aligned with that purpose.

Install this only if you want an agent to use mcporter for direct MCP operations. Treat `mcporter call`, OAuth, config edits, daemon commands, and `--stdio` commands as sensitive: review the target server or command first, avoid production credentials unless needed, and prefer explicit user approval before running commands that can modify data or start local processes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill documentation explicitly instructs users to perform network calls, OAuth/auth flows, local config edits, daemon operations, code generation, and stdio command execution, but provides no safety guidance, permission boundaries, or warnings about credential exposure, remote data transmission, or local command execution risks. In an agent skill context, this omission is dangerous because it normalizes high-impact operations that could affect user data, tokens, local files, or system state without informed consent.

VirusTotal

63/63 vendors flagged this skill as clean.
