Traefik Mantrae Diagnostics

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This skill is useful for Traefik diagnostics, but it gives an agent broader authenticated Mantrae control than its read-only description suggests.

Install only if you trust the publisher and can provide a least-privilege, read-only Mantrae token. Do not use a full admin account, do not set MANTRAE_PASSWORD for an account with write privileges, and treat raw Mantrae method paths, --message overrides, support dumps, and --insecure TLS as sensitive operations that need explicit human review.

SkillSpector (5)

By NVIDIA

Description-Behavior Mismatch

Medium

Confidence: 94% confidence
Finding: The documentation claims read-only inspection while also acknowledging helper support for controlled configuration changes and mutable create/update/delete/restore operations. Even with cautionary wording, exposing write-capable management behavior in a nominally read-only skill creates a confused-deputy risk where the skill can be used beyond its stated trust boundary.

Context-Inappropriate Capability

Medium

Confidence: 92% confidence
Finding: The skill introduces configuration-management functionality through Mantrae that is broader than necessary for troubleshooting Traefik runtime state. This expansion of scope increases attack surface and the likelihood of credential exposure or unauthorized administrative actions if the skill is misused or misunderstood.

Description-Behavior Mismatch

Medium

Confidence: 95% confidence
Finding: The script exposes authenticated Mantrae APIs that go beyond the skill's stated purpose of read-only Traefik inspection, including profiles, agents, backups, audit logs, and settings. It also permits direct path use outside the predefined aliases, creating capability expansion and increasing the chance the skill is used for broader system access than users would expect.

Context-Inappropriate Capability

Medium

Confidence: 91% confidence
Finding: The login flow mints an authentication token from supplied credentials, which exceeds what a nominally read-only troubleshooting helper should need if it were truly limited and pre-scoped. In agent contexts, adding credential-driven authentication increases the blast radius because the skill can silently turn ambient secrets into active privileged API access.

Context-Inappropriate Capability

Medium

Confidence: 98% confidence
Finding: Allowing any method string to become an RPC path bypasses the intended alias list and enables callers to reach arbitrary Connect endpoints, including potentially state-changing administrative methods. In the context of an agent skill advertised for troubleshooting, this mismatch is especially dangerous because it creates hidden capability escalation beyond expected read-only inspection.

Static analysis

Insecure tls verification

Warn

Finding: HTTPS certificate verification is disabled.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal