mqtt-iot
Fail
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: HIGH CREDENTIALS_UNSAFE
Full Analysis
- [CREDENTIALS_UNSAFE] (HIGH): Multiple instances of hardcoded cleartext credentials were found throughout the skill content. Examples include the Mosquitto password creation command `mosquitto_passwd -b /mosquitto/config/passwd user1 password123`, the EMQX dashboard default environment variable `EMQX_DASHBOARD__DEFAULT_PASSWORD=admin123`, and the Python client code `client.username_pw_set("user", "password")`. Providing literal passwords in configuration examples is a high-risk practice as it encourages the use of weak or default credentials in production environments.
- [EXTERNAL_DOWNLOADS] (SAFE): The skill references official Docker images for MQTT brokers, specifically `eclipse-mosquitto:2` and `emqx/emqx:5`. These are well-known, official images and do not represent a security threat in the context of this skill.
- [COMMAND_EXECUTION] (SAFE): The provided CLI examples and Python scripts are standard for managing and interacting with MQTT brokers. No malicious command injection or unauthorized system access patterns were detected.
Recommendations
- AI detected serious security threats
Audit Metadata