
Audit history

routeros-netinstall - 2 audits

Audit version 2

Latest, Safe

Apr 16, 2026, 09:09 PM

This skill is a documentation-only SKILL.md file (252 lines) describing MikroTik RouterOS netinstall-cli usage. The static analyzer flagged 124 patterns, but all are false positives from misinterpreting markdown formatting. Backtick-enclosed text (e.g., `netinstall-cli`) is markdown inline code formatting, not Ruby/shell execution. Sudo references, shell command substitution examples, and network URLs appear in documented code examples and reference links. The file contains no executable code, no secrets, and no malicious patterns. Safe for publication.

Files scanned: 1
Lines analyzed: 252
Findings: 0
Verified by: claude
No security issues found

Audit version 1

Low risk

Mar 30, 2026, 02:08 AM

This is a documentation/information skill providing guidance on MikroTik netinstall-cli usage. All 113 static analyzer flags are false positives or misclassifications. The backtick patterns are Makefile syntax in documentation examples. Sudo usage is legitimate (tool requires root for privileged BOOTP/TFTP ports). No cryptographic algorithms are implemented. The skill poses no security risk to users.

Files scanned: 1
Lines analyzed: 235
Findings: 8
Verified by: claude
Medium-risk issues (1)
Misclassified sudo privilege escalation
Static analyzer flagged 'sudo netinstall-cli' usage as privilege escalation. This is a FALSE POSITIVE - the netinstall-cli tool legitimately requires root privileges for BOOTP (ports 67/68) and TFTP (port 69) network operations. Documentation correctly shows proper sudo usage for this sysadmin tool.
Low-risk issues (4)
Documentation examples containing Makefile syntax
Static analyzer flagged '$(shell ...)' as Ruby backtick execution. This is a FALSE POSITIVE - lines 144-149 contain Makefile documentation showing version resolution patterns, not executable code.
Hardcoded MikroTik download URLs
Static analyzer flagged hardcoded URLs to download.mikrotik.com and upgrade.mikrotik.com. These are legitimate official MikroTik download endpoints for RouterOS packages - not security concerns.
Example IP address in documentation
Line 169 shows example IP 192.168.88.2/24 for network configuration documentation. Standard practice for documentation - no actual IP scanning or network probing.
Markdown relative path references flagged as path traversal
Lines 109 and 140 reference '../routeros-fundamentals/references/version-parsing.md' as markdown links to other skill documentation. This is standard cross-referencing, not a path traversal vulnerability.

Risk factors

⚙️ External commands (1)
🌐 Network access (1)
📁 File system access (1)

Detected patterns

Static analyzer misclassified keywords as crypto weakness