mcporter
Warn
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The wrapper script
scripts/mcporter.shuses a Python script to dynamically execute themcporterCLI viasubprocess.runwith user-provided arguments. - [EXTERNAL_DOWNLOADS]: The skill relies on
npx --yes mcporter, which downloads and executes themcporterpackage from the npm registry at runtime. - [DATA_EXFILTRATION]: The tool is designed to discover and access MCP configuration files from other applications like Cursor and Claude, which frequently contain sensitive API keys. It also allows making network requests to arbitrary remote URLs.
- [REMOTE_CODE_EXECUTION]: The skill facilitates calling arbitrary MCP tools, which can perform various actions including network communication and potential local code execution.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it processes unvalidated output from external MCP tools (e.g., web scrapers) while the agent has access to powerful tools like Bash and file system read/write.
- Ingestion points: Output from
mcporter callinscripts/mcporter.sh - Boundary markers: Absent
- Capability inventory: Bash, Read, Glob, Grep
- Sanitization: Absent
Audit Metadata