MikroTik API

Security checks across malware telemetry and agentic risk

Overview

This is a coherent MikroTik router-management skill, but it teaches unsafe credential and TLS patterns for a high-impact admin interface.

Install only if you intentionally want an agent to administer a MikroTik router. Use a limited RouterOS account, prefer verified TLS on a trusted management network, avoid inline credentials and shared .env files, install dependencies in a virtual environment, back up the router first, and review every command before deletes, firewall edits, updates, shutdowns, or reboots.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The curl examples embed `user:pass` directly on the command line, which can expose credentials through shell history, process listings, logging, and terminal recording. In a router-management skill, these are high-value administrative credentials, so accidental disclosure can lead to full device compromise.

Natural-Language Policy Violations

Medium

Confidence: 98% confidence
Finding: The skill explicitly normalizes use of the plaintext API port 8728 and `plaintext_login=True` without requiring secure transport or explicit user opt-in. That creates risk of credential interception and session exposure on untrusted networks, especially because router admin access provides broad control over network infrastructure.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal