ClawHub

MikroTik Encyclopedia

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a coherent MikroTik documentation and operations helper, but users should be aware it may fetch external docs and persist network notes in the workspace.

Install only in workspaces where it is acceptable to create a .MikroTik-Encyclopedia cache. Review or delete stored notes regularly, and avoid recording secrets, credentials, full topology, or other sensitive network details unless you intentionally want them retained there.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill instructs the agent to perform network access to official documentation and to write cached docs and notes into the workspace, yet it declares no permissions. That mismatch is risky because users and policy systems may not realize the skill can persist data locally and reach external resources, reducing transparency and weakening least-privilege controls.

Missing User Warnings

Low
Confidence
84% confidence
Finding
The skill repeatedly directs saving official docs, device observations, inventory data, and operational learnings into the workspace, but it does not clearly foreground that persistent writes will occur as part of normal use. In an infrastructure context, even non-secret operational notes can contain sensitive topology, device roles, and access patterns, so silent persistence increases the chance of unintended data retention or disclosure.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal