Unifly

Security checks across malware telemetry and agentic risk

Overview

This UniFi management skill is coherent, but it needs review because it can make broad live network changes and includes under-scoped raw API and confirmation-bypass workflows.

Install only if you trust the external unifly CLI and intend to delegate UniFi administrator authority. Use least-privilege credentials, confirm the active profile/site before changes, avoid raw API calls and --yes unless explicitly approved, and protect voucher files, VPN configs, event exports, and backups like credentials.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (10)

Description-Behavior Mismatch

Medium
Confidence: 88%
Finding
The reference documents capabilities well beyond ordinary UniFi network configuration, including admin lifecycle, site creation/deletion, VPN management, cloud fleet control, raw API access, and local profile management. In an agent skill, this materially expands the action surface and can enable privilege changes, broader tenancy impact, and destructive operations that are not clearly bounded by the stated task scope.

Context-Inappropriate Capability

Medium
Confidence: 89%
Finding
Documenting profile management and secret-handling commands inside the skill exposes local configuration and credential workflows that are not necessary for routine UniFi infrastructure tasks. In an agent context, this can facilitate secret manipulation, profile switching, or persistence changes on the host running the tool.

Context-Inappropriate Capability

Medium
Confidence: 85%
Finding
The cloud fleet commands extend control from a single controller/site context into broader Site Manager inventory and multi-console operations. That broadens blast radius significantly, enabling cross-site or cross-console enumeration and administrative actions inconsistent with a narrowly scoped network-management skill.

Vague Triggers

Medium
Confidence: 95%
Finding
The trigger conditions are overly broad and activate on generic mentions such as 'UniFi', device families, or controller operations, which can cause the skill to be selected outside of clear user intent. In a high-privilege network-management skill, mistaken invocation increases the chance of sensitive querying or destructive actions being proposed or executed in the wrong context.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill documents numerous destructive or service-impacting operations—such as delete, reboot, poweroff, blocking/kicking clients, firmware upgrades, firewall/NAT changes, and raw API access—without consistently pairing them with impact warnings, safety checks, or explicit confirmation requirements. Because this skill targets live network infrastructure, insufficient guardrails can lead to outages, lockouts, traffic interception, or policy damage from routine or accidental use.

Missing User Warnings

Medium
Confidence: 82%
Finding
The bulk-delete hotspot purge operation is immediate and filter-driven, but the documentation does not present a strong safety barrier commensurate with its destructive potential. In an agent workflow, a malformed filter or misinterpreted instruction could delete large numbers of vouchers without an adequate pause for verification.

Missing User Warnings

Medium
Confidence: 91%
Finding
Raw API passthrough grants access to unwrapped endpoints and arbitrary HTTP methods, including destructive requests, effectively bypassing safer command-specific guardrails. In an agent skill, this is especially dangerous because it can be used to invoke undocumented or high-risk controller actions outside the intended scope and validation paths.

Missing User Warnings

Medium
Confidence: 95%
Finding
This workflow forwards UniFi event data to an external webhook without any warning, minimization guidance, or mention that event messages can contain sensitive operational details such as client identifiers, IPs, hostnames, or incident context. In a network-management skill, silent exfiltration of telemetry to third-party services is a real data disclosure risk even if the example is meant for legitimate alerting.

Missing User Warnings

Medium
Confidence: 91%
Finding
The voucher workflow writes active hotspot access codes into local plaintext files intended for printing, but it does not warn that these files are sensitive credentials. Anyone with filesystem, backup, or print access could reuse the codes for unauthorized network access until they expire or are purged.

Missing User Warnings

Medium
Confidence: 96%
Finding
The backup workflow creates and downloads controller backups without noting that backup archives may contain highly sensitive configuration data, credentials, topology, device inventory, and policy details. In a UniFi administration context, mishandled backups can enable full environment reconnaissance and potentially facilitate broader compromise or unauthorized reconfiguration.

VirusTotal

64/64 vendors flagged this skill as clean.