Mikrotik
Security checks across malware telemetry and agentic risk
Overview
This MikroTik skill is purpose-aligned, but it gives the agent high-impact router administration abilities, including raw RouterOS commands and scan-time default login attempts.
Install only if you are comfortable giving the agent access to MikroTik administration functions. Use least-privilege credentials, avoid blank admin passwords, keep secrets out of plaintext workspace files, and require manual approval before scans or any command that changes router configuration.
VirusTotal
38/38 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent runs or misinterprets a modifying RouterOS command, it could disrupt connectivity, firewall policy, VPNs, routing, or router availability.
The skill explicitly offers a raw RouterOS command escape hatch; the artifacts do not show an allowlist or confirmation requirement for commands that could modify firewall, routing, services, files, or device state.
- Execute custom RouterOS commands
Use a least-privilege/read-only RouterOS account where possible, require explicit user confirmation before any non-print command, and review the exact RouterOS command before execution.
A scan may create unexpected admin login attempts on local routers, trigger audit/security alerts, or access devices that still have blank admin passwords.
During scanning, the code attempts to authenticate to discovered MikroTik-like devices using the default admin username and an empty password, rather than only checking ports.
api = MikroTikAPI(ip, 'admin', '', timeout=2)
if api.connect():
if api.login():
Only scan networks where you have authorization, and prefer changing the scanner to require explicit approval and supplied credentials before any login attempt.
Network scans can generate probe traffic and may be noticed by monitoring tools or violate policy on production networks.
The scanner actively probes local subnet IPs for MikroTik API ports with concurrent connections, which is disclosed and purpose-aligned but operationally sensitive.
ThreadPoolExecutor(max_workers=self.max_threads) ... sock.connect_ex((ip, self.API_PORT))
Run scans only on networks you administer, reduce scan scope where possible, and coordinate with network/security administrators.
Router credentials stored in a shared or unencrypted workspace file could be exposed to other local processes, backups, or future agent context.
The recommended configuration can place router addresses, usernames, and passwords in a persistent workspace file that may be reused by the agent across tasks.
Add device information in `~/.openclaw/workspace/TOOLS.md` ... `192.168.88.1, admin, yourpassword`
Avoid storing production router passwords in plaintext TOOLS.md; use environment variables, a secrets manager, or a short-lived least-privilege account.
