Habilidades routeros-netinstall Histórico de Auditoria
📦

Histórico de Auditoria

routeros-netinstall - 3 auditorias

Versão da auditoria 3

Mais recente Baixo Risco

May 9, 2026, 03:48 PM

This skill is a documentation guide for MikroTik RouterOS netinstall-cli. Static analysis flagged 107 potential issues, but evaluation shows all are false positives. The skill documents a legitimate network administration tool with external command references being markdown documentation syntax, not executable code. Hardcoded URLs are legitimate MikroTik download endpoints. No prompt injection or malicious patterns detected.

1
Arquivos analisados
210
Linhas analisadas
6
achados
claude
Auditado por

Problemas de Alto Risco (1)

SKILL.md:106-108SKILL.md:133SKILL.md:206-209
Hardcoded MikroTik Download URLs
The skill contains hardcoded URLs to download.mikrotik.com for RouterOS packages and netinstall-cli binaries. These are legitimate vendor endpoints used for network administration.
Problemas de Risco Médio (1)
SKILL.md:8SKILL.md:136-139SKILL.md:144-145SKILL.md:152-154SKILL.md:159-161SKILL.md:172-175
Markdown Code Fenced Shell Commands
The skill contains shell command examples using backtick syntax and fenced code blocks. These are documentation examples for netinstall-cli usage, not executable code.
Problemas de Baixo Risco (2)
SKILL.md:144
Hardcoded Network Configuration Examples
The skill documents network configuration examples including IP addresses (192.168.88.2/24) for netinstall server setup.
SKILL.md:181-191
Etherboot Entry Methods Documentation
The skill documents device recovery methods including reset button, serial console, and RouterOS settings for entering etherboot mode.

Fatores de risco

⚙️ Comandos externos (6)
SKILL.md:8 SKILL.md:136 SKILL.md:144 SKILL.md:152 SKILL.md:159 SKILL.md:172
🌐 Acesso à rede (7)
SKILL.md:106 SKILL.md:107 SKILL.md:108 SKILL.md:133 SKILL.md:206 SKILL.md:207 SKILL.md:209

Versão da auditoria 2

Seguro

Apr 16, 2026, 09:09 PM

This skill is a documentation-only SKILL.md file (252 lines) describing MikroTik RouterOS netinstall-cli usage. The static analyzer flagged 124 patterns, but all are false positives from misinterpreting markdown formatting. Backtick-enclosed text (e.g., `netinstall-cli`) is markdown inline code formatting, not Ruby/shell execution. Sudo references, shell command substitution examples, and network URLs appear in documented code examples and reference links. The file contains no executable code, no secrets, and no malicious patterns. Safe for publication.

1
Arquivos analisados
252
Linhas analisadas
0
achados
claude
Auditado por
Nenhum problema de segurança encontrado

Versão da auditoria 1

Baixo Risco

Mar 30, 2026, 02:08 AM

This is a documentation/information skill providing guidance on MikroTik netinstall-cli usage. All 113 static analyzer flags are false positives or misclassifications. The backtick patterns are Makefile syntax in documentation examples. Sudo usage is legitimate (tool requires root for privileged BOOTP/TFTP ports). No cryptographic algorithms are implemented. The skill poses no security risk to users.

1
Arquivos analisados
235
Linhas analisadas
8
achados
claude
Auditado por
Problemas de Risco Médio (1)
SKILL.md:167-168SKILL.md:179SKILL.md:189SKILL.md:202
Misclassified sudo privilege escalation
Static analyzer flagged 'sudo netinstall-cli' usage as privilege escalation. This is FALSE POSITIVE - the netinstall-cli tool legitimately requires root privileges for BOOTP (ports 67/68) and TFTP (port 69) network operations. Documentation correctly shows proper sudo usage for this sysadmin tool.
Problemas de Baixo Risco (4)
SKILL.md:144-149SKILL.md:146-147
Documentation examples containing Makefile syntax
Static analyzer flagged '$(shell ...)' as Ruby backtick execution. This is FALSE POSITIVE - lines 144-149 contain Makefile documentation showing version resolution patterns, not executable code.
SKILL.md:112-114SKILL.md:147SKILL.md:234
Hardcoded MikroTik download URLs
Static analyzer flagged hardcoded URLs to download.mikrotik.com and upgrade.mikrotik.com. These are legitimate official MikroTik download endpoints for RouterOS packages - not security concerns.
SKILL.md:169
Example IP address in documentation
Line 169 shows example IP 192.168.88.2/24 for network configuration documentation. Standard practice for documentation - no actual IP scanning or network probing.
SKILL.md:109SKILL.md:140
Markdown relative path references flagged as path traversal
Lines 109 and 140 reference '../routeros-fundamentals/references/version-parsing.md' as markdown links to other skill documentation. This is standard cross-referencing, not path traversal vulnerability.

Fatores de risco

⚙️ Comandos externos (1)
SKILL.md:144-149
🌐 Acesso à rede (1)
SKILL.md:112-114
📁 Acesso ao sistema de arquivos (1)
SKILL.md:109

Padrões Detectados

Static analyzer misclassified keywords as crypto weakness
← Voltar para Skill