Trust Assessment
mcporter received a trust score of 65/100, placing it in the Caution category: the skill has security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 1 critical, 2 high, 1 medium and 0 low severity. They are Command Injection via the `--stdio` option, Data Exfiltration via the `inspect-cli` command, Credential Harvesting and Exposure via the `auth` and `config` commands, and an unpinned `mcporter` dependency.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph and LLM Behavioral Safety. LLM Behavioral Safety scored lowest at 33/100; all four findings are attributed to that layer.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Command Injection via `--stdio` option. The skill documentation shows `mcporter` executing an arbitrary command via its `--stdio` option, as in `mcporter call --stdio "bun run ./server.ts"`. If the agent builds the command string (e.g. `"bun run ./server.ts"`) or its arguments (e.g. `scrape url=https://example.com`) from untrusted user input, the result is a direct command injection: an attacker can inject shell commands and achieve arbitrary code execution on the host. Strictly validate every argument passed to `mcporter call --stdio`, above all the command string itself. Ideally, never execute a command supplied by a user; where unavoidable, use an allowlist of safe commands and arguments, or run the command in a tightly sandboxed environment. | LLM | SKILL.md:20 |
| HIGH | Data Exfiltration via `inspect-cli` command. `mcporter inspect-cli <path>` inspects a CLI tool at the given path. If `<path>` is derived from untrusted user input, an attacker can point it at arbitrary files (e.g. `/etc/passwd`, `~/.ssh/id_rsa`, `/app/secrets.env`) to read and exfiltrate sensitive data from the host. Strictly validate the `<path>` argument: confine it to a predefined safe directory or an allowlist of files, and never let the agent construct the path from arbitrary user input. | LLM | SKILL.md:29 |
| HIGH | Credential Harvesting and Exposure via `auth` and `config` commands. The skill exposes `mcporter auth <server \| url>` and `mcporter config login\|get`. If the agent performs authentication or retrieves configuration on the basis of untrusted user input, the result can be credential harvesting (e.g. `auth` directed at an attacker-controlled server) or exposure of sensitive configuration (e.g. `config get` returning API keys or tokens). Strictly validate every argument to `mcporter auth` and `mcporter config login\|get`, direct authentication flows only to trusted servers, and do not return sensitive configuration values on user request without explicit confirmation or redaction. | LLM | SKILL.md:24 |
| MEDIUM | Supply Chain Risk: Unpinned Dependency. The skill manifest installs the `mcporter` package via `node` (likely npm or yarn) without a pinned version, so a malicious or compromised release of `mcporter` would be installed automatically and could compromise the skill and the host. This is not a direct exploit in the reviewed content, but it is a significant weakness. Pin `mcporter` to a specific known-good version in the manifest (e.g. `"package": "mcporter@1.2.3"`). Pinning only blocks automatic upgrades; it does not vet the pinned release, so a lockfile with integrity hashes and regular dependency review are still needed to pick up fixes for known vulnerabilities. | LLM | SKILL.md:1 |
Full report: https://skillshield.io/report/6100352e2fc37802
Powered by SkillShield