Mcporter
Use the mcporter CLI to list, configure, auth, and call MCP servers/tools directly (HTTP or stdio), including ad-hoc servers, config edits, and CLI/type generation.
v1.0.0
2026/01/04
No changelog provided.
Security Scan
Status
suspicious
OpenClaw
gpt-5-mini
OpenClaw analysis
The SKILL.md aligns with a CLI-focused skill (mcporter) but it contains metadata/install instructions that conflict with the registry record and the runtime instructions allow executing arbitrary stdio commands and storing auth in a local config — review before installing or granting it access.
Confidence: medium
VirusTotal
Type: OpenClaw Skill Name: mcporter Version: 1.0.0 The skill is classified as suspicious due to its broad capabilities, particularly the explicit instruction for `mcporter call --stdio "bun run ./server.ts"` in `SKILL.md`. This demonstrates and enables the execution of arbitrary commands, which is a significant security risk, even though the example command itself is benign. Additionally, the skill allows for arbitrary HTTP calls (`mcporter call <url>`), configuration edits, and daemon management, granting extensive system and network access. While these capabilities might be plausible for the stated purpose of a CLI tool, they represent high-risk behaviors without clear malicious intent from the skill bundle itself.