mcporter

Warn

Audited by Socket on May 16, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS. The core install path is benign and officially documented, but the skill’s footprint includes high-trust behaviors: arbitrary stdio command execution, direct connections to arbitrary MCP URLs, and forwarding auth tokens to third-party servers. These capabilities are related to the stated MCP-client purpose, yet they create meaningful execution and credential-routing risk beyond a narrowly scoped integration skill.

Confidence: 87%Severity: 63%
Audit Metadata
Analyzed At
May 16, 2026, 01:47 PM
Package URL
pkg:socket/skills-sh/NousResearch%2Fhermes-agent%2Fmcporter%2F@3dce661b7b5c952f981e276fc1f0776c9be96b8f
Security Audit — socket — mcporter