Trust Assessment
mcporter-skill received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 6 findings: 0 critical, 2 high, 4 medium, and 0 low severity. Key findings include Missing required field: name, Potential Command Injection via 'exec' tool, Broad capabilities of 'mcporter' tool combined with 'exec'.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 49/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (6)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Potential Command Injection via 'exec' tool. The skill explicitly states that the 'exec' tool should be used to run 'mcporter' commands. This indicates that the LLM is intended to execute arbitrary shell commands. If user input can be passed as arguments to 'mcporter' commands, it could lead to command injection, allowing an attacker to execute arbitrary commands on the host system. Avoid using a generic `exec` tool for running commands. Instead, define specific, parameterized tools for each `mcporter` subcommand (e.g., `mcporter_list`, `mcporter_call_tool`) with strict input validation and sanitization. If `exec` is unavoidable, implement robust input sanitization and a strict allowlist for commands and arguments. | LLM | SKILL.md:47 |
| HIGH | Broad capabilities of 'mcporter' tool combined with 'exec'. The 'mcporter' tool, as described, has extensive capabilities including listing, configuring, authenticating, calling MCP servers/tools (HTTP/stdio), ad-hoc server creation, config edits, and CLI/type generation. When combined with the explicit instruction to use an 'exec' tool, this grants the LLM agent broad control over the system's network, configuration files, and potentially code generation, which could be exploited for malicious purposes. Restrict the `mcporter` commands exposed to the LLM to only those strictly necessary for the skill's intended function. Implement fine-grained access control for specific `mcporter` subcommands and their arguments. Consider running the agent in a sandboxed environment with minimal permissions. | LLM | SKILL.md:3 |
| MEDIUM | Missing required field: name. The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/livvux/mcporter-skill/SKILL.md:1 |
| MEDIUM | Potential Data Exfiltration via 'mcporter' configuration access. The skill mentions that `mcporter` interacts with configuration files in `~/.config/mcporter/` and provides `config` management commands. If the LLM can be prompted to use `mcporter` to read, modify, or exfiltrate sensitive data from these configuration files or other parts of the filesystem, it poses a data exfiltration risk. Ensure that `mcporter` commands exposed to the LLM do not allow reading or writing to arbitrary file paths. Implement strict validation for any file paths or configuration keys that can be influenced by user input. Consider encrypting sensitive configuration data at rest. | LLM | SKILL.md:13 |
| MEDIUM | Potential Credential Exposure via 'mcporter auth'. The skill mentions `mcporter auth` for authentication. This implies the tool handles sensitive credentials. If the LLM can be prompted to misuse this command, it could potentially expose, manipulate, or log authentication tokens or secrets, leading to credential harvesting or unauthorized access. Implement strict controls around the `mcporter auth` command. Ensure that the LLM cannot be prompted to display or transmit credentials. If possible, use short-lived tokens or other secure authentication mechanisms that do not expose long-term secrets. | LLM | SKILL.md:24 |
| MEDIUM | Supply Chain Risk - Unpinned dependency in installation instructions. The installation instruction `brew install pdxfinder/tap/mcporter` does not specify a version for the `mcporter` binary. This means that any future installation will fetch the latest available version, which could introduce breaking changes or, more critically, malicious code if the upstream repository or tap is compromised. Pin the version of the `mcporter` formula in the `brew install` command to ensure deterministic and secure installations. Regularly audit and update the pinned version after verifying its integrity. | LLM | SKILL.md:5 |