技能详情

Mcporter

Name: Mcporter
Author: Peter Steinberger

steipete/mcporter

v1.0.0MIT-0Peter Steinberger

Use the mcporter CLI to list, configure, auth, and call MCP servers/tools directly (HTTP or stdio), including ad-hoc servers, config edits, and CLI/type generation.

作者 Peter Steinberger 更新于 2026年3月12日版本 v1.0.0

返回技能列表下载 zip 来源页面

下载量 34,000

当前安装 1,100

累计安装 1,100

安装命令

npm i -g mcporter

运行要求

Runtime requirements📦 ClawdisBinsmcporter

安全扫描

Security ScanVirusTotalVirusTotalSuspiciousView report →OpenClawOpenClawSuspiciousmedium confidenceThe SKILL.md aligns with a CLI-focused skill (mcporter) but it contains metadata/install instructions that conflict with the registry record and the runtime instructions allow executing arbitrary stdio commands and storing auth in a local config — review before installing or granting it access.Details ▾ℹPurpose & CapabilityThe skill's name/description are consistent with the SKILL.md: it is a thin wrapper for the mcporter CLI (listing, calling, auth, config, codegen). However the registry metadata provided earlier lists no required binaries or install, while the SKILL.md metadata explicitly requires the 'mcporter' binary and suggests installing the npm package 'mcporter' — an inconsistency between declared registry requirements and the runtime instructions.ℹInstruction ScopeThe instructions confine the agent to using the mcporter CLI (list, call, auth, config, daemon, generate). They do reference a default config path (./config/mcporter.json) and show examples that run arbitrary stdio commands (e.g., `mcporter call --stdio "bun run ./server.ts"`) — which means the CLI can be used to execute or pipe arbitrary subprocess activity. The SKILL.md does not instruct the agent to read unrelated system files or environment variables, but the ability to run arbitrary commands and to perform auth means the agent could cause local execution or create/store credentials.ℹInstall MechanismThe registry claimed 'no install spec', but SKILL.md metadata includes an install hint: a Node/npm package 'mcporter' (kind: node). Installing from npm is common but carries moderate risk compared with no install; npm packages can contain arbitrary code. The install source is a package name (npm-style), not a direct arbitrary URL, which is more traceable, but you should verify the package and its publisher before installing.ℹCredentialsThe skill declares no required environment variables or primary credential. That is proportionate to an instruction-only CLI wrapper. However the SKILL.md documents auth commands and a local config path where credentials (OAuth tokens, API keys) may be stored (./…