Back to skill
Skillv1.0.0
VirusTotal security
Mcporter · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 3:00 AM
- Hash
- f9e3e2fae2ff9bb8351d0c46647392d6f923a02b1b531ad7d630b074f5155f38
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: mcporter Version: 1.0.0 The skill is classified as suspicious due to its broad capabilities, particularly the explicit instruction for `mcporter call --stdio "bun run ./server.ts"` in `SKILL.md`. This demonstrates and enables the execution of arbitrary commands, which is a significant security risk, even though the example command itself is benign. Additionally, the skill allows for arbitrary HTTP calls (`mcporter call <url>`), configuration edits, and daemon management, granting extensive system and network access. While these capabilities might be plausible for the stated purpose of a CLI tool, they represent high-risk behaviors without clear malicious intent from the skill bundle itself.
- External report
- View on VirusTotal