Unifi

Security checks across malware telemetry and agentic risk

Overview

The skill matches its UniFi monitoring purpose, but it appears to save sensitive network data locally without clear user control or disclosure.

Review this before installing if your UniFi network contains sensitive client, firewall, VLAN, or routing data. Use a dedicated least-privilege UniFi account, restrict the credential file permissions, and inspect or disable any dashboard/debug output files so raw network inventory is not left on disk unintentionally.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Rogue AgentSelf-Modification, Session Persistence
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands

Findings (8)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 96% confidence
Finding: The skill requires shell execution and outbound network access but does not declare those permissions, which undermines least-privilege enforcement and informed review. In a skill that stores credentials and talks to a local network gateway, hidden capabilities materially increase risk because operators may approve it without realizing it can execute commands and reach internal services.

Tp4

High

Category: MCP Tool Poisoning
Confidence: 88% confidence
Finding: The documented purpose presents the skill as simple monitoring, but the reported behavior includes pulling sensitive configuration data such as firewall, port forwarding, routing, SSID, and network settings, plus writing collected data to local files. That mismatch is dangerous because users may authorize the skill expecting low-risk status checks while it actually enumerates internal network architecture and persists potentially sensitive data for later exposure.

Description-Behavior Mismatch

Medium

Confidence: 95% confidence
Finding: The script persists a comprehensive UniFi dashboard to a fixed path under the user's home directory, including device inventory, client hostnames/IPs/MACs, wireless networks, port forwards, firewall rules, routes, and alarms. For a monitoring/query skill, silently writing this sensitive network inventory to disk increases exposure by leaving durable artifacts that other local processes, users, backups, or later prompts could access.

Description-Behavior Mismatch

Low

Confidence: 98% confidence
Finding: The debug block writes raw JSON from multiple UniFi API responses to dashboard_debug_dump.json without any guard, consent, or cleanup. This creates an undisclosed local cache of sensitive operational and configuration data that may include client details, network topology, WLANs, and other administrative information beyond what is needed for normal monitoring.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The README instructs users to place long-lived UniFi credentials in a local JSON file and optionally export them as environment variables, but it does not warn about file permissions, shell history, process/environment leakage, or secret-management alternatives. In a monitoring skill that accesses network infrastructure, exposed credentials could allow unauthorized access to sensitive network telemetry and potentially broader administrative actions depending on the account's privileges.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The script writes a detailed dashboard containing sensitive client and network data to a predetermined file path with no user-facing notice or confirmation. In the context of an agent skill, undisclosed persistence is especially risky because users may expect an ephemeral status query, not creation of a reusable local intelligence file about their network.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The script creates an unannounced debug_dump file containing fetched API data, which is inconsistent with the stated monitoring purpose and expands the data footprint unnecessarily. Because the dump is raw structured data, it is more useful for later enumeration or exfiltration than the human-readable dashboard and therefore materially increases risk.

Session Persistence

Medium

Category: Rogue Agent
Content: ## Setup Create the credentials file: `~/.clawdbot/credentials/unifi/config.json` ```json {
Confidence: 93% confidence
Finding: Create the credentials file: `~/.clawdbot

VirusTotal

57/57 vendors flagged this skill as clean.

View on VirusTotal