routeros-app-yaml

Safe • ⚙️ External commands • 🌐 Network access

Write RouterOS container YAML configurations

Create and validate YAML configurations for MikroTik RouterOS container applications. This skill helps you define services, ports, volumes, and networks for the RouterOS /app subsystem without needing docker-compose knowledge.

Supports: Claude Codex Code(CC)
🥉 73 Bronze
1. Download the skill ZIP
2. Upload in Claude: go to Settings → Capabilities → Skills → Upload skill
3. Toggle on and start using

Test it

Using "routeros-app-yaml". Create a /app YAML for a Home Assistant container with persistent storage on port 8123

Expected outcome:

  • A YAML file with name, services, volumes, and networks sections.
  • The web service uses ghcr.io/home-assistant/home-assistant image with port 8123 mapped.
  • A named volume home-assistant-config is mounted to /config.
  • The restart policy is set to always for reliability.

Using "routeros-app-yaml". Show the difference between old and new port formats in RouterOS YAML

Expected outcome:

  • Old OCI-style uses a slash before the protocol: 8080:80/tcp
  • New RouterOS 7.23 style uses a colon: 8080:80:web:tcp
  • Both formats are valid. New deployments from 7.23beta2 should prefer the colon style.
  • Long-form object syntax with target, published, and protocol fields works in all versions.

Security Audit

Safe
v2 • 4/16/2026

All 159 static analysis findings are false positives. The skill contains only documentation and YAML configuration examples for RouterOS container applications. There is no executable code, no actual shell commands, no network requests, and no credential handling. The static scanner flagged YAML examples in markdown code blocks as security risks (for example, backticks in YAML values, example URLs in documentation, and placeholder IP addresses in configuration samples). After manual review, no genuine security issues were found.

  • Files scanned: 2
  • Lines analyzed: 453
  • Findings: 5
  • Total audits: 2

Low Risk Issues (3)
False positive: External command detection in YAML documentation
The static scanner flagged 132 locations as external command execution. These are YAML configuration examples and markdown documentation, not executable code. Examples include shell commands in YAML entrypoint values (for example, nginx -g daemon off in SKILL.md line 32 and references/examples.md line 31) and backtick-formatted text in markdown. No actual command execution exists.
False positive: Network pattern detection in documentation URLs
The static scanner flagged 13 locations as network risks including hardcoded URLs, hardcoded IP addresses, and fetch API calls. All are documentation examples: example.com URLs in YAML samples (references/examples.md lines 19, 21), example IP addresses like 192.168.1.1 in port mapping examples (SKILL.md line 110, references/examples.md line 145), and TypeScript fetch snippets showing RouterOS REST API usage (SKILL.md lines 216, 222). No actual network requests are made by this skill.
False positive: Blocker patterns misidentified in YAML content
The static scanner flagged weak cryptographic algorithms, Windows SAM database references, LLM role token injection, and system reconnaissance patterns. None of these patterns exist in the actual file content. The scanner likely misidentified YAML property names or markdown formatting as security threats.

Risk Factors

⚙️ External commands (132)
🌐 Network access (13)
Audited by: claude

Quality Score

  • Architecture: 41
  • Maintainability: 100
  • Content: 87
  • Community: 32
  • Security: 99
  • Spec Compliance: 100

What You Can Build

Define a container application for RouterOS

A network administrator writes YAML to deploy a monitoring stack with Grafana and Prometheus on a MikroTik router using the /app subsystem.

Migrate docker-compose projects to RouterOS

A developer adapts an existing docker-compose configuration to RouterOS /app YAML format, adjusting port syntax and removing unsupported properties.

Create an app store for team deployment

A system engineer builds a tikappstore YAML file with pre-configured applications for consistent deployment across multiple RouterOS devices.

Try These Prompts

Create a basic /app definition
Write a RouterOS /app YAML file that runs an nginx container on port 8080 with a named volume for persistent data.
Convert docker-compose to RouterOS YAML
Convert this docker-compose file to RouterOS /app YAML format. Highlight any properties that are not supported or behave differently.
Create a multi-service application
Write a RouterOS /app YAML with a web frontend, a PostgreSQL database, and a Redis cache. Include proper volume mounts, network isolation, and health checks.
Build an app store file
Create a RouterOS app store YAML file containing three applications: a web server, a database manager, and a monitoring dashboard. Each should have appropriate categories and metadata.

Best Practices

  • Always use the .tikapp.yaml file extension for custom RouterOS app definitions to distinguish them from generic YAML files.
  • Use the *.editor.json schema variant during development for better autocompletion, then validate against *.latest.json before deployment.
  • Test your YAML on a RouterOS CHR virtual machine before deploying to production hardware to catch schema errors early.

Avoid

  • Assuming full docker-compose compatibility. RouterOS /app supports only a subset of compose properties and handles some differently.
  • Using the version top-level key. RouterOS ignores this key and it serves no purpose in /app YAML.
  • Mixing port format styles within a single port string. Each port entry must use either the old OCI style or the new colon style exclusively.

Frequently Asked Questions

What RouterOS version do I need for /app YAML?
The /app path is built-in starting in RouterOS 7.21. Custom app creation via /app/add requires RouterOS 7.22 or later. The container extra package must also be installed.
Is RouterOS /app YAML the same as docker-compose?
No. RouterOS /app YAML looks similar to docker-compose but supports fewer properties. Some properties like deploy and resources are not supported. Port mapping syntax also differs between the two.
What file extension should I use for /app YAML files?
Use .tikapp.yaml for individual app definitions and .tikappstore.yaml for app store files. These conventions help tools and editors apply the correct schema.
How do placeholders work in RouterOS YAML?
Placeholders like [accessIP], [accessPort], [containerIP], and [routerIP] are expanded at deploy time by RouterOS. They appear in port mappings, environment values, and config content.
Can I use environment variables with lowercase names?
The strict validation schema requires uppercase environment variable names matching the pattern [A-Z_][A-Z0-9_]*. Use the editor schema variant if you need mixed-case variable names.
How do I add a custom app to RouterOS?
Use the CLI command /app/add with the yaml-url parameter pointing to your YAML file URL. Alternatively, use the REST API PUT endpoint at /app with the yaml-url in the request body.
