The Agent Skills Directory

[COMMAND_EXECUTION]: The skill constructs and executes shell commands using environment variables $MCP_CALL and $NMAP_MCP_SCRIPT to invoke nmap tools.
[REMOTE_CODE_EXECUTION]: The skill executes functionality defined in an external script pointed to by the NMAP_MCP_SCRIPT environment variable. The source code for this script is not contained within the skill, making its behavior unverifiable during static analysis.
[COMMAND_EXECUTION]: User-provided parameters such as target and ports are passed directly to the underlying scanning tools. If the wrapper script does not perform rigorous sanitization, this could lead to command injection vulnerabilities.
[DATA_EXFILTRATION]: The skill provides automated reconnaissance capabilities (ICMP/ARP discovery and port scanning). These capabilities are frequently leveraged in the initial stages of a network attack for target identification and lateral movement planning.

nmap-network-scan