skills/openclaw/openclaw/mcporter/Snyk

mcporter

Warn

Audited by Snyk on May 18, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly shows mcporter fetching and scraping arbitrary web URLs (e.g., "mcporter call https://api.example.com/mcp.fetch url:https://example.com" and "mcporter call --stdio ... scrape url=https://example.com"), so the agent will ingest untrusted public web content that could contain instructions.

Issues (1)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level

MEDIUM

Analyzed

May 18, 2026, 05:10 AM

Issues

1