Back to skill

Security audit

Unifi Inforjota Integration

Security checks across malware telemetry and agentic risk

Overview

This UniFi monitoring skill appears read-only, but it needs review because its setup and helper scripts can expose sensitive network data and encourage overly broad credential handling.

Install only if you are comfortable giving the skill read access to detailed UniFi network and client data. Use a scoped UniFi Integration API key rather than a local admin password, restrict the credentials file permissions, avoid raw endpoint calls unless needed, and prefer fixing certificate trust instead of relying on disabled TLS verification.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue AgentSelf-Modification, Session Persistence
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (10)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill instructs the agent to execute shell scripts but does not declare corresponding permissions, creating a mismatch between documented trust boundaries and actual capabilities. This can lead to unintended command execution in environments that rely on permission declarations for review, gating, or user consent.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The README markets the skill as read-only and safe, but the documented setup requires a local admin account with full administrative privileges. This creates unnecessary privilege exposure: if the skill, host, logs, or credential store are compromised, an attacker gains administrative control of the UniFi console rather than limited read-only access.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The README diverges from the declared API-key-based integration model by instructing users to configure classic username/password local-admin access. That mismatch can mislead operators into granting broader access than expected and undermines trust boundaries established by the skill metadata, increasing the blast radius of any compromise.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The README suggests exporting UniFi credentials as environment variables without warning that such secrets may be exposed through shell history, process listings, debug output, crash reports, or inherited environments. While common in developer workflows, this is insecure guidance for sensitive administrator credentials.

Vague Triggers

Medium
Confidence
76% confidence
Finding
The trigger phrases are broad and map common user requests like 'dashboard', 'clients', or 'check UniFi' directly to shell script execution. Overlapping triggers increase the chance of unintended invocation, which is particularly sensitive here because the skill exposes network inventory, clients, alarms, and other potentially confidential infrastructure data.

Missing User Warnings

Medium
Confidence
85% confidence
Finding
The skill description presents the capability as routine monitoring but does not warn that execution may disclose sensitive network topology, device identities, client presence, MAC/IP data, alarms, and WLAN/network configuration details. Without an explicit warning, users may invoke the skill without understanding the sensitivity of the returned information.

Missing User Warnings

Medium
Confidence
82% confidence
Finding
The document enumerates authenticated UniFi endpoints that expose sensitive operational and configuration data, including clients, devices, admins, firewall rules, WLANs, and RADIUS-related information, but it frames them primarily as safe read-only calls without warning about privacy, least-privilege, or output handling. In the context of an agent skill meant to query live network infrastructure, this omission increases the risk of over-collection, unnecessary disclosure to users, and accidental exposure of internal network details.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The dashboard prints client IP and MAC addresses directly to standard output, which can expose sensitive network inventory and device-identifying information to any user, log sink, transcript, or downstream tool that captures command output. In the context of a monitoring skill, this is especially risky because the behavior is automatic and there is no warning, redaction, or opt-in before revealing client identifiers.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The script reads a sensitive UniFi API token from disk and exports it into the process environment with `export UNIFI_TOKEN`. Environment-exported secrets are inherited by child processes and may be exposed through debugging output, crash reports, process-inspection tooling, or other invoked commands within the agent runtime. In a skill context that may compose shell functions with other tools, this broadens the token's exposure beyond the minimum needed scope.

Session Persistence

Medium
Category
Rogue Agent
Content
## Setup

Create the credentials file:

`~/.clawdbot/credentials/unifi/config.json`
Confidence
83% confidence
Finding
Create the credentials file: `~/.clawdbot

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.