mcporter
Warn
Audited by Socket on May 16, 2026
1 alert found:
AnomalyAnomalySKILL.md
LOWAnomalyLOW
SKILL.md
SUSPICIOUS. The core install path is benign and officially documented, but the skill’s footprint includes high-trust behaviors: arbitrary stdio command execution, direct connections to arbitrary MCP URLs, and forwarding auth tokens to third-party servers. These capabilities are related to the stated MCP-client purpose, yet they create meaningful execution and credential-routing risk beyond a narrowly scoped integration skill.
Confidence: 87%Severity: 63%
Audit Metadata