技能 routeros-netinstall 審計歷史
📦

審計歷史

routeros-netinstall - 2 審計

審計版本 2

最新 安全

Apr 16, 2026, 09:09 PM

This skill is a documentation-only SKILL.md file (252 lines) describing MikroTik RouterOS netinstall-cli usage. The static analyzer flagged 124 patterns, but all are false positives from misinterpreting markdown formatting. Backtick-enclosed text (e.g., `netinstall-cli`) is markdown inline code formatting, not Ruby/shell execution. Sudo references, shell command substitution examples, and network URLs appear in documented code examples and reference links. The file contains no executable code, no secrets, and no malicious patterns. Safe for publication.

1
已掃描檔案
252
分析行數
0
發現項
claude
審計者
未發現安全問題

審計版本 1

低風險

Mar 30, 2026, 02:08 AM

This is a documentation/information skill providing guidance on MikroTik netinstall-cli usage. All 113 static analyzer flags are false positives or misclassifications. The backtick patterns are Makefile syntax in documentation examples. Sudo usage is legitimate (tool requires root for privileged BOOTP/TFTP ports). No cryptographic algorithms are implemented. The skill poses no security risk to users.

1
已掃描檔案
235
分析行數
8
發現項
claude
審計者
中風險問題 (1)
SKILL.md:167-168SKILL.md:179SKILL.md:189SKILL.md:202
Misclassified sudo privilege escalation
Static analyzer flagged 'sudo netinstall-cli' usage as privilege escalation. This is FALSE POSITIVE - the netinstall-cli tool legitimately requires root privileges for BOOTP (ports 67/68) and TFTP (port 69) network operations. Documentation correctly shows proper sudo usage for this sysadmin tool.
低風險問題 (4)
SKILL.md:144-149SKILL.md:146-147
Documentation examples containing Makefile syntax
Static analyzer flagged '$(shell ...)' as Ruby backtick execution. This is FALSE POSITIVE - lines 144-149 contain Makefile documentation showing version resolution patterns, not executable code.
SKILL.md:112-114SKILL.md:147SKILL.md:234
Hardcoded MikroTik download URLs
Static analyzer flagged hardcoded URLs to download.mikrotik.com and upgrade.mikrotik.com. These are legitimate official MikroTik download endpoints for RouterOS packages - not security concerns.
SKILL.md:169
Example IP address in documentation
Line 169 shows example IP 192.168.88.2/24 for network configuration documentation. Standard practice for documentation - no actual IP scanning or network probing.
SKILL.md:109SKILL.md:140
Markdown relative path references flagged as path traversal
Lines 109 and 140 reference '../routeros-fundamentals/references/version-parsing.md' as markdown links to other skill documentation. This is standard cross-referencing, not path traversal vulnerability.

風險因素

⚙️ 外部命令 (1)
SKILL.md:144-149
🌐 網路存取 (1)
SKILL.md:112-114
📁 檔案系統存取 (1)
SKILL.md:109

偵測到的模式

Static analyzer misclassified keywords as crypto weakness
← 返回技能