技能 routeros-mndp 審計歷史
📡

審計歷史

routeros-mndp - 2 審計

審計版本 2

最新 安全

May 9, 2026, 03:46 PM

All 56 static findings are false positives. The skill contains only protocol documentation with code examples in markdown. No executable code, no external command execution, no credential exfiltration, and no malicious patterns detected. The detected external_commands and network patterns are markdown code blocks containing legitimate protocol documentation (broadcast addresses, socket examples, curl commands). This is a pure reference documentation skill for MikroTik MNDP protocol.

1
已掃描檔案
267
分析行數
4
發現項
claude
審計者
中風險問題 (4)
External Command Pattern False Positives
Static analyzer flagged 44 locations as 'Ruby/shell backtick execution'. These are all false positives - the file contains only markdown documentation with code blocks showing shell commands like curl, git, setsockopt, and hex values. No actual backtick execution exists in this file.
Network Pattern False Positives
Static analyzer flagged broadcast address 255.255.255.255 and socket binding 0.0.0.0 as 'hardcoded network addresses'. These are standard protocol documentation for MNDP. The URL at line 151 uses a template placeholder <router-ip>, not a real endpoint.
Weak Cryptographic Algorithm False Positives
Static analyzer flagged hex values like 0x0000 as 'weak cryptographic algorithms'. These are TLV (Type-Length-Value) protocol field type identifiers, not cryptographic code.
System Reconnaissance False Positives
Static analyzer flagged legitimate protocol descriptions as 'system reconnaissance'. The file documents how MNDP protocol works, including multi-interface behavior and timing characteristics. This is expected documentation for a network protocol skill.

審計版本 1

低風險

Apr 16, 2026, 09:08 PM

Static analysis detected 44 external_commands and 5 network patterns. After evaluation, all external_commands are documentation of code examples showing proper protocol implementation patterns (dgram socket, setsockopt). The backtick patterns in SKILL.md are embedded code samples in markdown, not runtime execution. Network patterns include hardcoded IPs (255.255.255.255, 192.168.88.1) which are legitimate broadcast addresses and example values. No malicious intent found; skill is safe for publication.

1
已掃描檔案
267
分析行數
3
發現項
claude
審計者
低風險問題 (1)
SKILL.md:100-102SKILL.md:161-162
System Reconnaissance - Network Information Disclosure
The skill documents MNDP as a protocol that reveals device identity, version, board model, IP addresses, MAC addresses, and uptime. This is expected behavior for a discovery protocol, not a vulnerability in this skill.

風險因素

⚙️ 外部命令 (44)
SKILL.md:14 SKILL.md:42-49 SKILL.md:49-51 SKILL.md:51-55 SKILL.md:55-60 SKILL.md:60-66 SKILL.md:66-71 SKILL.md:71-81 SKILL.md:81 SKILL.md:81-82 SKILL.md:82-83 SKILL.md:83 SKILL.md:83-89 SKILL.md:89-102 SKILL.md:102-119 SKILL.md:119-121 SKILL.md:121-126 SKILL.md:126-132 SKILL.md:132-145 SKILL.md:145-149 SKILL.md:149-154 SKILL.md:154-168 SKILL.md:168-170 SKILL.md:170-177 SKILL.md:177-179 SKILL.md:179-185 SKILL.md:185-187 SKILL.md:187 SKILL.md:187 SKILL.md:187-195 SKILL.md:195-197 SKILL.md:197-199 SKILL.md:199-201 SKILL.md:201-205 SKILL.md:205-239 SKILL.md:239-246 SKILL.md:246-259 SKILL.md:259-260 SKILL.md:260 SKILL.md:260-261 SKILL.md:261-262 SKILL.md:262-266 SKILL.md:266 SKILL.md:266
🌐 網路存取 (5)
SKILL.md:25 SKILL.md:33 SKILL.md:151 SKILL.md:174 SKILL.md:191

偵測到的模式

External Command Documentation
← 返回技能