mcporter

Warn

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The wrapper script scripts/mcporter.sh uses a Python script to dynamically execute the mcporter CLI via subprocess.run with user-provided arguments.
  • [EXTERNAL_DOWNLOADS]: The skill relies on npx --yes mcporter, which downloads and executes the mcporter package from the npm registry at runtime.
  • [DATA_EXFILTRATION]: The tool is designed to discover and access MCP configuration files from other applications like Cursor and Claude, which frequently contain sensitive API keys. It also allows making network requests to arbitrary remote URLs.
  • [REMOTE_CODE_EXECUTION]: The skill facilitates calling arbitrary MCP tools, which can perform various actions including network communication and potential local code execution.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it processes unvalidated output from external MCP tools (e.g., web scrapers) while the agent has access to powerful tools like Bash and file system read/write.
  • Ingestion points: Output from mcporter call in scripts/mcporter.sh
  • Boundary markers: Absent
  • Capability inventory: Bash, Read, Glob, Grep
  • Sanitization: Absent
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 20, 2026, 08:37 AM
Security Audit — agent-trust-hub — mcporter