UniFi Network

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real read-only UniFi monitoring skill, but it stores sensitive credentials and silently saves private network data locally.

Review before installing. Use a dedicated least-privilege UniFi local account, protect ~/.openclaw/credentials/unifi.json with restrictive permissions, run it only on trusted machines/networks, and remove or disable dashboard_debug_dump.json behavior unless you intentionally want raw network data saved.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue Agent: Self-Modification, Session Persistence
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill declares no explicit permissions even though it requires shell execution and network access to a local gateway. This weakens user awareness and policy enforcement, because a reviewer may approve the skill as low-risk while it can still reach internal infrastructure and execute commands.

Tp4

High
Category
MCP Tool Poisoning
Confidence
89% confidence
Finding
The documented purpose is limited to monitoring status data, but the analyzed behavior indicates access to broader and more sensitive configuration data such as firewall rules, port forwarding, VLANs, SSIDs, routes, and system information, plus local file writes. That mismatch is dangerous because it expands data exposure beyond user expectations and can leak internal network topology and security posture from a privileged local management interface.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The script fetches and exposes sensitive configuration data such as port forwards, firewall rules, network definitions, WLAN settings, and routing details, which goes beyond a simple monitoring/status dashboard. In the context of a local gateway skill, this materially increases disclosure risk because the output can reveal internal topology, exposed services, and security controls to any caller able to invoke the skill.

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
The script unconditionally writes a debug dump file containing fetched UniFi data to disk, including health, devices, clients, networks, and WLAN information. Persisting this data without necessity or user consent creates an unnecessary local data-at-rest exposure and can leak sensitive network details to other local users, backup systems, or later processes.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README instructs users to place a gateway username and password in a plaintext file under the home directory without any guidance on file permissions, secret storage, or least-privilege handling. This increases the chance of credential disclosure through weak filesystem permissions, backups, shell history, or accidental sharing, especially because the credentials grant access to network-management infrastructure.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The script silently writes sensitive network data to dashboard_debug_dump.json with no user-facing warning, even though the skill is described as a monitoring/dashboard tool. Hidden persistence is especially risky in this context because users would reasonably expect transient display output, not a secondary forensic artifact containing client and network information.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The script allows output to be written to any path specified by the UNIFI_OUTPUT_FILE environment variable, with no validation and no visible disclosure to the user. In an agent/skill setting, this creates a covert file-write primitive that can persist sensitive dashboard data in unintended locations or overwrite files accessible to the executing user.

Session Persistence

Medium
Category
Rogue Agent
Content
## Setup

Create the credentials file: `~/.openclaw/credentials/unifi.json`

```json
{
```
Confidence
84% confidence
Finding
Create the credentials file: `~/.openclaw

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal