mcporter

Warn

Audited by Socket on May 20, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS. The skill's core purpose is coherent with its behavior and the mcporter distribution appears official, so this is not confirmed malware. However, the permission scope is too broad for the stated task: Bash(npx:*) allows arbitrary package execution, and the skill can route data to any configured or ad-hoc MCP server, making the trust boundary much wider than a typical focused integration skill.

Confidence: 86%Severity: 64%
Audit Metadata
Analyzed At
May 20, 2026, 08:40 AM
Package URL
pkg:socket/skills-sh/chandima%2Fopencode-config%2Fmcporter%2F@c2a057e3a382c40008e5da20ef489041241fde02
Security Audit — socket — mcporter