EZ Unifi

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed UniFi admin tool, but it gives an agent broad network-control powers with weak safety boundaries.

Install only if you are comfortable giving the agent administrative control over your UniFi controller. Use a dedicated least-privileged local account if possible, protect the .env file, require explicit approval before any mutating or raw API command, and prefer fixing TLS verification or limiting raw API access before production use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill clearly requires environment-stored credentials and network access to a UniFi controller, but does not declare those permissions. Missing permission declarations reduce transparency and prevent proper policy enforcement or user review for a skill that can authenticate to infrastructure and make administrative changes.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The skill is presented as a general UniFi management helper, but its documented behavior includes broader and more sensitive capabilities such as raw arbitrary API access, firewall and routing controls, event streaming, file writes, and forgetting clients. This mismatch is dangerous because users may authorize the skill for routine administration without realizing it can perform lower-level or destructive operations beyond the advertised scope.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The skill advertises a generic raw UniFi API mode that goes beyond the task-scoped management operations described for the skill. This expands the agent's authority to any controller endpoint, including sensitive or destructive operations not constrained by the intended interface.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The raw command accepts arbitrary HTTP method, path, and JSON body, then forwards them directly to the authenticated UniFi controller. In an agent setting, this is effectively a universal privileged API tunnel that can bypass guardrails, perform unexpected state changes, and access sensitive controller data.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The activation guidance is extremely broad: it invites use for essentially any UniFi-related request. Broad triggers increase the chance the skill is invoked in contexts where lower-risk informational behavior was expected, even though the skill includes powerful administrative and destructive operations.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The markdown advertises destructive actions such as blocking clients, disabling ports/WLANs, power-cycling PoE, restarting/upgrading devices, forgetting clients, and toggling traffic controls, but provides no clear requirement for confirmation, safety checks, or rollback guidance. In a network-management context, these actions can immediately disrupt production connectivity, erase records, or create outages if triggered accidentally or through prompt misuse.

VirusTotal

61/61 vendors flagged this skill as clean.
