ClawHub

UniFi Network

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate UniFi network-inspection skill, but it should be reviewed because it persists sensitive network data and has under-scoped local file handling.

Install only if you are comfortable giving the agent read-only visibility into sensitive UniFi infrastructure. Use a dedicated read-only UniFi API key, keep ~/.clawdbot/credentials and ~/.clawdbot/cache private, avoid exporting topology into synced or shared folders, and avoid using cache_clear.sh with untrusted or path-like arguments until its path handling is fixed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The skill is described as read-only, but it also documents `topology_export.sh --out` writing topology data to arbitrary file or memory paths. This mismatch can cause an agent or user to invoke the skill expecting no side effects, resulting in unintended persistence of sensitive network inventory, VLANs, WLANs, and port-forward data to disk.

Vague Triggers

Medium
Confidence
78% confidence
Finding
The documentation export trigger includes broad phrases such as 'write to memory' and 'document the network', which can cause an agent to invoke a script that persists sensitive topology data. Because this trigger is attached to a write-capable export path, ambiguous routing increases the chance of unintended data disclosure or unauthorized file creation.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill describes writing exported topology to a file or memory path without prominently warning about side effects or the sensitivity of the data being written. This is dangerous because network topology exports can include device inventories, VLANs, WLANs, and NAT rules, and an agent may persist them in locations accessible to other tools or users.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The script queries cached UniFi APIs for active clients, devices, and networks, then correlates and prints sensitive location-related details such as hostname, IP, MAC, VLAN, AP/switch association, port, signal, SSID, and last-seen time. Even if intended for legitimate administration, exposing this level of endpoint and physical/logical location data without any access control, warning, or minimization increases privacy and operational security risk if invoked by unauthorized users or incorporated into broader automation.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The library writes raw API responses to a persistent cache under the user's home directory without applying restrictive permissions, encryption, or any filtering of sensitive fields. UniFi API responses can include network inventory, clients, topology, and possibly other operational data, so local disclosure is possible if the host is shared, backup systems collect the cache, or filesystem permissions are too broad.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal