Skill v1.8.5

ClawScan security

Mikrotik · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 9, 2026, 6:38 AM
Verdict
benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill's code, instructions, and requested access are consistent with a RouterOS management/scanning tool, but it performs active network scanning, runs host commands via subprocess, and may persist credentials to a local TOOLS.md; these behaviors require cautious use and administrator approval.
Guidance
This skill appears to do what it claims (manage MikroTik devices and scan the local network), but it performs active network scanning and may attempt default/empty-password logins and write device info to ~/.openclaw/workspace/TOOLS.md. Before installing or running it: (1) get explicit permission from your network administrator; (2) avoid saving plaintext credentials in TOOLS.md — use environment variables or a secrets manager; (3) test in an isolated lab network first to see scanning behavior and resource use; (4) review the code that may perform writes to your workspace if you need to prevent credential persistence. If you need, I can point to the exact places in the code that perform scans, subprocess calls, login attempts, and any file writes so you can audit or modify them.
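To locate those places yourself before installing, the following static audit is an added example (it is not ClawHub's scanner and not the skill's own code). It parses Python source with the standard ast module and reports subprocess calls, socket connections to the RouterOS API ports 8728/8729, login calls that pass an empty-string password, write-mode open() calls, and any literal mention of TOOLS.md. The embedded SAMPLE_SOURCE is a constructed stand-in resembling what the findings describe, not the real scanner.py; run audit() over the actual files in the bundle instead.

```python
import ast
from dataclasses import dataclass
from typing import List, Optional

ROUTEROS_API_PORTS = {8728, 8729}

# Constructed stand-in for a scanner.py-style module (NOT the real skill code).
SAMPLE_SOURCE = '''
import subprocess, socket
from pathlib import Path

def local_interfaces():
    out = subprocess.run(["ip", "-4", "addr"], capture_output=True, text=True)
    ips = subprocess.run(["hostname", "-I"], capture_output=True, text=True)
    return out.stdout, ips.stdout

def probe(ip):
    s = socket.socket()
    s.settimeout(0.5)
    s.connect((ip, 8728))
    return s

def try_login(api, ip):
    return api.login(ip, "admin", "")

def save(info):
    path = Path.home() / ".openclaw" / "workspace" / "TOOLS.md"
    with open(path, "a") as fh:
        fh.write(info)
'''


@dataclass
class Finding:
    kind: str
    line: int
    detail: str


def _dotted(node: ast.AST) -> Optional[str]:
    """Return 'a.b.c' for a Name/Attribute chain, None for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def _strings(node: ast.AST):
    """Yield every string constant nested under node."""
    for sub in ast.walk(node):
        if isinstance(sub, ast.Constant) and isinstance(sub.value, str):
            yield sub.value


def _open_mode(call: ast.Call) -> str:
    """Literal mode of an open() call; default 'r' when not a literal."""
    node = call.args[1] if len(call.args) > 1 else next(
        (k.value for k in call.keywords if k.arg == "mode"), None)
    return node.value if isinstance(node, ast.Constant) and isinstance(node.value, str) else "r"


def audit(source: str) -> List[Finding]:
    """Walk the AST once and collect the behaviours worth reviewing, sorted by line."""
    findings: List[Finding] = []
    for node in ast.walk(ast.parse(source)):
        # Any literal mention of the workspace file, wherever it appears.
        if isinstance(node, ast.Constant) and isinstance(node.value, str) and "TOOLS.md" in node.value:
            findings.append(Finding("tools_md_reference", node.lineno, node.value))
            continue
        if not isinstance(node, ast.Call):
            continue
        name = _dotted(node.func) or ""
        if name.startswith("subprocess."):
            argv = [s for a in node.args[:1] for s in _strings(a)]
            findings.append(Finding("subprocess", node.lineno, " ".join(argv) or name))
        elif name.endswith((".connect", ".connect_ex")):
            ports = {c.value for c in ast.walk(node)
                     if isinstance(c, ast.Constant) and isinstance(c.value, int)}
            if ports & ROUTEROS_API_PORTS:
                findings.append(Finding("api_port_connect", node.lineno,
                                        f"ports {sorted(ports & ROUTEROS_API_PORTS)}"))
        elif name == "login" or name.endswith(".login"):
            args = list(_strings(node))
            if "" in args:
                findings.append(Finding("empty_password_login", node.lineno, f"literal args {args}"))
        elif name == "open" and any(ch in _open_mode(node) for ch in "wax+"):
            findings.append(Finding("file_write", node.lineno, f"open(mode={_open_mode(node)!r})"))
    return sorted(findings, key=lambda f: f.line)


if __name__ == "__main__":
    for f in audit(SAMPLE_SOURCE):
        print(f"line {f.line:>3}  {f.kind:<22} {f.detail}")
```

The audit is deliberately literal-only: a password built at runtime or a port read from a variable will not be caught, so treat an empty report as "nothing obvious", not as a clean bill of health, and read the flagged lines in context.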
Findings
[subprocess_usage] expected: scanner.py calls subprocess.run(['ip', ...]) and subprocess.run(['hostname', '-I']) to discover local interfaces and ARP entries. This use of subprocess is expected for network discovery but increases reliance on host tools and privileges.
[network_port_scan] expected: scanner.py performs concurrent TCP connects to many IPs on ports 8728/8729 and may attempt API login (using admin/empty-password as a probe). This behavior matches the advertised 'scan' feature but is intrusive and can trigger IDS/IPS or violate network policy if run without authorization.
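The fan-out that this scan produces is also what a defender should expect to see from the agent host. The detector below is an added example (not part of the ClawHub report and not the skill's code): it reads constructed key=value connection-log lines (the field names and format are assumptions; adapt parse_line() to your firewall or flow collector) and flags any source that reaches a threshold number of distinct hosts on ports 8728/8729 within a sliding window.

```python
from collections import defaultdict
from datetime import datetime
from typing import Dict, Iterable, List, Tuple

ROUTEROS_API_PORTS = {8728, 8729}
WINDOW_SECONDS = 60           # look-back window per source address
DISTINCT_HOST_THRESHOLD = 8   # distinct destinations on the API ports before alerting

# Constructed sample log (key=value style; field names are an assumption).
# 192.168.88.50 sweeps twelve hosts on 8728 in twelve seconds; 192.168.88.20
# talks to one router on both API ports plus an unrelated HTTPS connection.
SAMPLE_LOG: List[str] = [
    f"2026-03-09T06:38:{i:02d}Z src=192.168.88.50 dst=192.168.88.{i + 1} dport=8728 proto=tcp"
    for i in range(12)
] + [
    "2026-03-09T06:38:05Z src=192.168.88.20 dst=192.168.88.1 dport=8728 proto=tcp",
    "2026-03-09T06:38:06Z src=192.168.88.20 dst=192.168.88.1 dport=8729 proto=tcp",
    "2026-03-09T06:38:07Z src=192.168.88.20 dst=192.168.88.2 dport=443 proto=tcp",
]

Alert = Tuple[int, datetime, datetime]   # (distinct destinations, window start, window end)


def parse_line(line: str) -> dict:
    """Split 'TIMESTAMP k=v k=v ...' into a dict with a tz-aware datetime and an int dport."""
    ts, _, rest = line.partition(" ")
    fields = dict(kv.split("=", 1) for kv in rest.split())
    fields["ts"] = datetime.fromisoformat(ts.replace("Z", "+00:00"))
    fields["dport"] = int(fields["dport"])
    return fields


def detect_api_sweeps(lines: Iterable[str]) -> Dict[str, Alert]:
    """Flag sources that reach >= threshold distinct hosts on 8728/8729 inside the window."""
    by_src: Dict[str, List[Tuple[datetime, str]]] = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev.get("proto") == "tcp" and ev["dport"] in ROUTEROS_API_PORTS:
            by_src[ev["src"]].append((ev["ts"], ev["dst"]))

    alerts: Dict[str, Alert] = {}
    for src, events in by_src.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans at most WINDOW_SECONDS.
            while (events[end][0] - events[start][0]).total_seconds() > WINDOW_SECONDS:
                start += 1
            distinct = {dst for _, dst in events[start:end + 1]}
            if len(distinct) >= DISTINCT_HOST_THRESHOLD:
                best = alerts.get(src)
                if best is None or len(distinct) > best[0]:
                    alerts[src] = (len(distinct), events[start][0], events[end][0])
    return alerts


if __name__ == "__main__":
    for src, (count, first, last) in detect_api_sweeps(SAMPLE_LOG).items():
        print(f"ALERT {src}: {count} distinct hosts on RouterOS API ports between {first} and {last}")
```

Keying on distinct destinations rather than raw connection counts is what separates a sweep from a management host that polls one router repeatedly; tune the threshold and window to the subnet size the skill would enumerate.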

Review Dimensions

Purpose & Capability
ok: Name and description match the code and instructions: the package implements a MikroTik RouterOS API client, common command wrappers, CLI, and a network scanner. The requested capabilities (reading TOOLS.md, optional env vars, opening sockets to devices, and issuing RouterOS commands including admin-level operations) are coherent with a router management skill.
Instruction Scope
concern: SKILL.md and the code direct the agent to perform active LAN operations: enumerate local subnets, run system commands ('ip', 'hostname', 'ip neigh'), scan many IPs for open API ports (8728/8729), and attempt connections (including trying empty-password 'admin' logins for info). The instructions also describe interactive flows that save credentials to ~/.openclaw/workspace/TOOLS.md. These behaviors are within the skill's purpose but are intrusive on a network and can trigger security alerts; they require explicit operator approval and careful credential handling.
Install Mechanism
ok: No install spec is present (no external downloads or installers). The package is delivered as code files in the skill bundle; nothing in the manifest indicates fetching arbitrary third-party archives or running remote installers. This is lower-risk from an install-mechanism perspective.
Credentials
note: The registry metadata lists no required env vars, but the code and SKILL.md read and recommend MIKROTIK_HOST / MIKROTIK_USER / MIKROTIK_PASS and also parse ~/.openclaw/workspace/TOOLS.md for credentials. Those environment variables are appropriate and expected for the stated purpose, but the mismatch with the declared registry requirements is an inconsistency. The skill also recommends storing credentials in TOOLS.md (plaintext) which is insecure; the doc warns about it but still promotes that option.
Persistence & Privilege
note: always:false and normal autonomous invocation apply. The skill can persist device info/credentials into the user's workspace TOOLS.md (per SKILL.md/README statements), which is a modest persistence within the user's OpenClaw workspace and not a system-wide privilege escalation. Users should be aware credentials may be written locally if they follow the interactive setup.
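For the credential and persistence concerns above, the following is an added example of how a wrapper around the skill (not the skill's own code, and not something the page says it does) can honour the environment variables it documents while keeping the password out of TOOLS.md. It assumes, without confirmation from the page, that TOOLS.md carries a '## MikroTik' heading followed by '- key: value' lines; adjust parse_tools_md() to the real layout. Environment variables take precedence, TOOLS.md may supply host and user only, a password found there is reported and never used, and the entry written back omits the secret.

```python
import os
import re
from dataclasses import dataclass, field
from pathlib import Path
from typing import Dict, List, Optional

# Assumed TOOLS.md layout (not confirmed by the page): a '## MikroTik' heading
# followed by '- key: value' lines. Adjust to the real file if it differs.
SECTION_HEADING = "## mikrotik"
KV_LINE = re.compile(r"^\s*-?\s*(\w+)\s*:\s*(.+?)\s*$")


@dataclass
class Credentials:
    host: str
    user: str
    password: Optional[str]      # None means "not available"; never the empty string
    source: str                  # "env" or "TOOLS.md"
    warnings: List[str] = field(default_factory=list)


def parse_tools_md(text: str) -> Dict[str, str]:
    """Collect key/value lines from the assumed MikroTik section only."""
    found: Dict[str, str] = {}
    in_section = False
    for line in text.splitlines():
        if line.startswith("## "):
            in_section = line.strip().lower() == SECTION_HEADING
            continue
        m = KV_LINE.match(line)
        if in_section and m:
            found[m.group(1).lower()] = m.group(2)
    return found


def load_credentials(env: Dict[str, str], tools_md_text: Optional[str]) -> Credentials:
    """Env vars win; TOOLS.md may supply host/user but is never trusted for the password."""
    warnings: List[str] = []
    tools = parse_tools_md(tools_md_text) if tools_md_text else {}
    if "pass" in tools or "password" in tools:
        warnings.append("TOOLS.md holds a plaintext password; it was ignored, remove it")
    host = env.get("MIKROTIK_HOST") or tools.get("host")
    if not host:
        raise ValueError("no device host in MIKROTIK_HOST or TOOLS.md")
    user = env.get("MIKROTIK_USER") or tools.get("user") or "admin"
    password = env.get("MIKROTIK_PASS") or None   # "" is treated as unset, not as a credential
    if password is None:
        warnings.append("MIKROTIK_PASS is unset; refusing to fall back to an empty password")
    source = "env" if env.get("MIKROTIK_HOST") else "TOOLS.md"
    return Credentials(host, user, password, source, warnings)


def render_device_entry(host: str, user: str, identity: Optional[str] = None) -> str:
    """Markdown block to persist: connection details only, no secret."""
    lines = ["## MikroTik", f"- host: {host}", f"- user: {user}"]
    if identity:
        lines.append(f"- identity: {identity}")
    lines.append("<!-- password intentionally not stored; set MIKROTIK_PASS -->")
    return "\n".join(lines) + "\n"


def persist_device_entry(path: Path, entry: str) -> None:
    """Append the entry to the workspace file and keep it owner-readable only."""
    path.parent.mkdir(parents=True, exist_ok=True)
    with open(path, "a", encoding="utf-8") as fh:
        fh.write(entry)
    os.chmod(path, 0o600)


if __name__ == "__main__":
    # Constructed TOOLS.md content (192.0.2.0/24 is a documentation range).
    sample = "## MikroTik\n- host: 192.0.2.1\n- user: ops\n- pass: hunter2\n"
    creds = load_credentials(dict(os.environ), sample)
    print(creds)
    print(render_device_entry(creds.host, creds.user, identity="gw1"))
```

Treating an empty MIKROTIK_PASS as "unset" rather than as a password is deliberate: it prevents the same wrapper from reproducing the empty-password probe the findings describe against devices the operator did not intend to touch.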