mcporter
Warn
Audited by Socket on May 20, 2026
1 alert found:
AnomalyAnomalySKILL.md
LOWAnomalyLOW
SKILL.md
SUSPICIOUS. The skill's core purpose is coherent with its behavior and the mcporter distribution appears official, so this is not confirmed malware. However, the permission scope is too broad for the stated task: Bash(npx:*) allows arbitrary package execution, and the skill can route data to any configured or ad-hoc MCP server, making the trust boundary much wider than a typical focused integration skill.
Confidence: 86%Severity: 64%
Audit Metadata