100Critical
This skill allows arbitrary command execution, fetches external
Behavior Analysis
Description verified — behavior matches claim
Claims to do
mcporter: Use `mcporter` to work with MCP servers directly.
Actually does
This skill executes the `mcporter` CLI tool to interact with MCP servers. It allows users to list available tools, call specific tools with various arguments (including JSON payloads), manage authentication (OAuth), configure `mcporter` settings (defaulting to `./config/mcporter.json`), run a daemon, and generate client-side code (CLI or TypeScript). It can also invoke `bun run` for stdio servers and contacts specified URLs for MCP server interactions.
Skill Info
Namesteipete/mcporter
Registryclawhub
Version1.0.0
PURLpkg:clawhub/steipete/mcporter@1.0.0
Stars172
Downloads55,963
Installs1,867
Source
SHA-256475253164a0c...
SHA-10f7cbad0ef6a...
MD52ee32abdc9c4...
TLSHfb3176375240...
Size1,480 bytes
Install
This skill has been flagged as potentially malicious. Review the findings below before installing.
ClawHubDocs
openclaw skills install steipete/mcporterAssessments (1)
AI Agent Traps ↗Direct command execution via --stdiocriticalcommand execution
The skill explicitly demonstrates the ability to execute arbitrary commands using `mcporter call --stdio`, allowing for direct execution of system commands or scripts with attacker-controlled input.
100% confidenceline 21
mcporter call --stdio "bun run ./server.ts"
External code fetching for CLI generationhighsupply chain
The `mcporter generate-cli --command <url>` command allows fetching and processing code from an arbitrary external URL, which could be used to introduce malicious code or configurations.
100% confidenceline 34
mcporter generate-cli --command <url>
Config/auth commands enable credential harvesting/persistencemediumcredential harvesting
Commands like `mcporter auth` and `mcporter config add|import|login` can manage authentication and configuration, potentially allowing a compromised `mcporter` tool to harvest credentials or inject persistent malicious settings.
90% confidenceline 26
mcporter auth <server | url>, mcporter config list|get|add|remove|import|login|logout
Daemon management allows for persistencemediumpersistence
The `mcporter daemon start` command can launch a background process, which, if the `mcporter` binary is compromised, could be used to establish persistence for malicious activities.
80% confidenceline 29
mcporter daemon start|status|stop|restart
External URL interaction with SSRF potentiallowssrf
The skill interacts with external URLs for fetching data or calling tools, which could potentially be abused for Server-Side Request Forgery (SSRF) if the agent is prompted to access internal or restricted resources.
70% confidenceline 20
mcporter call https://api.example.com/mcp.fetch url:https://example.com
Badge
Markdown
[](https://mondoo.com/ai-agent-security/skills/clawhub/steipete/mcporter)HTML
<a href="https://mondoo.com/ai-agent-security/skills/clawhub/steipete/mcporter"><img src="https://mondoo.com/ai-agent-security/api/badge/clawhub/steipete/mcporter.svg" alt="Mondoo Skill Check" /></a>Image URL
https://mondoo.com/ai-agent-security/api/badge/clawhub/steipete/mcporter.svgSecure your AI agents
Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.
- Continuous scanning of skills across all registries
- Policy enforcement before skills reach your agents
- Integration with your existing security workflow