技能 routeros-netinstall 审计历史
📦

审计历史

routeros-netinstall - 2 审计

审计版本 2

最新 安全

Apr 16, 2026, 09:09 PM

This skill is a documentation-only SKILL.md file (252 lines) describing MikroTik RouterOS netinstall-cli usage. The static analyzer flagged 124 patterns, but all are false positives from misinterpreting markdown formatting. Backtick-enclosed text (e.g., `netinstall-cli`) is markdown inline code formatting, not Ruby/shell execution. Sudo references, shell command substitution examples, and network URLs appear in documented code examples and reference links. The file contains no executable code, no secrets, and no malicious patterns. Safe for publication.

1
已扫描文件
252
分析行数
0
发现项
claude
审计者
未发现安全问题

审计版本 1

低风险

Mar 30, 2026, 02:08 AM

This is a documentation/information skill providing guidance on MikroTik netinstall-cli usage. All 113 static analyzer flags are false positives or misclassifications. The backtick patterns are Makefile syntax in documentation examples. Sudo usage is legitimate (tool requires root for privileged BOOTP/TFTP ports). No cryptographic algorithms are implemented. The skill poses no security risk to users.

1
已扫描文件
235
分析行数
8
发现项
claude
审计者
中风险问题 (1)
SKILL.md:167-168SKILL.md:179SKILL.md:189SKILL.md:202
Misclassified sudo privilege escalation
Static analyzer flagged 'sudo netinstall-cli' usage as privilege escalation. This is FALSE POSITIVE - the netinstall-cli tool legitimately requires root privileges for BOOTP (ports 67/68) and TFTP (port 69) network operations. Documentation correctly shows proper sudo usage for this sysadmin tool.
低风险问题 (4)
SKILL.md:144-149SKILL.md:146-147
Documentation examples containing Makefile syntax
Static analyzer flagged '$(shell ...)' as Ruby backtick execution. This is FALSE POSITIVE - lines 144-149 contain Makefile documentation showing version resolution patterns, not executable code.
SKILL.md:112-114SKILL.md:147SKILL.md:234
Hardcoded MikroTik download URLs
Static analyzer flagged hardcoded URLs to download.mikrotik.com and upgrade.mikrotik.com. These are legitimate official MikroTik download endpoints for RouterOS packages - not security concerns.
SKILL.md:169
Example IP address in documentation
Line 169 shows example IP 192.168.88.2/24 for network configuration documentation. Standard practice for documentation - no actual IP scanning or network probing.
SKILL.md:109SKILL.md:140
Markdown relative path references flagged as path traversal
Lines 109 and 140 reference '../routeros-fundamentals/references/version-parsing.md' as markdown links to other skill documentation. This is standard cross-referencing, not path traversal vulnerability.

风险因素

⚙️ 外部命令 (1)
SKILL.md:144-149
🌐 网络访问 (1)
SKILL.md:112-114
📁 文件系统访问 (1)
SKILL.md:109

检测到的模式

Static analyzer misclassified keywords as crypto weakness
← 返回技能