Back to skill

Security audit

EZ Unifi

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed UniFi admin skill, but it gives an agent broad live control over network infrastructure with weak safety boundaries.

Install only if you are comfortable giving the agent administrative control of your UniFi controller. Use a dedicated least-privileged local account where possible, protect the .env file, require explicit approval before any mutating or raw API command, and avoid using this against production networks unless TLS verification and raw API access are restricted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill instructs the agent to use environment-stored credentials and perform live network operations against a UniFi controller, but it declares no permissions. This creates a transparency and policy gap: users and orchestrators are not explicitly informed that the skill needs secret handling and network access, increasing the chance of unintended execution with powerful credentials.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The documented `raw` GET/POST/PUT interface exposes unrestricted direct API calls to the UniFi controller, bypassing the safer task-oriented command surface. This significantly expands what an agent can do, including destructive or undocumented actions, and makes prompt-driven misuse or operator error much more likely when paired with Super Admin credentials.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The raw API command allows arbitrary authenticated requests to the UniFi controller, bypassing the narrower task-oriented command set and any guardrails implied by the skill description. In an agent setting, this becomes a capability escalation primitive that could be used to modify, delete, or exfiltrate controller data far beyond expected operations.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The activation text says to use the skill for essentially any UniFi controller task, which is overly broad for a capability that can restart devices, disable networks, alter traffic rules, and manage credentials. Broad triggers increase the chance the agent invokes high-impact tooling in situations where read-only guidance or a narrower skill would be safer.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill lists destructive actions such as blocking clients, forgetting clients permanently, and reconnecting/kicking devices without documenting confirmation, rollback, or warning requirements. In a network-management context, these actions can cause immediate denial of service, accidental lockout, or loss of configuration/state for legitimate users.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
Destructive operations such as blocking, unblocking, reconnecting, forgetting clients, restarting devices, disabling ports, or changing controller state execute immediately without confirmation, dry-run, or safety interlocks. In an agent-driven environment, prompt injection, misunderstanding, or operator error could directly cause outages or lock out legitimate users.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.