UniFi Advisor

Security checks across malware telemetry and agentic risk

Overview

This UniFi advisor is a read-only network inspection skill with disclosed API-key use and a local site cache; the cache is a privacy consideration but not evidence of unsafe behavior.

Install only if you are comfortable granting a UniFi API key that can read network inventory through api.ui.com. Prefer the least-privilege key available, avoid shared machines for sensitive environments, and delete ~/.openclaw/unifi-skill.json if you do not want cached site metadata left locally.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 84% confidence
Finding: The skill caches site metadata derived from the user's UniFi environment into a local file under the home directory without surfacing that behavior in the high-level description. Even if the cache does not contain the API key, host names, site mappings, hardware details, connection state, and related identifiers can be sensitive in shared, multi-user, or managed environments and may persist longer than a user expects.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal