Skills
skills/trtmn/agent-skills/unifi-api/Gen Agent Trust Hub

unifi-api

Fail

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: HIGHCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill processes highly sensitive credentials including the UNIFI_API_KEY and plaintext WiFi passwords via the x_passphrase field.
  • [COMMAND_EXECUTION]: The skill executes Python code that explicitly disables TLS certificate verification using ssl._create_unverified_context(). This allows a potential man-in-the-middle on the local network to intercept the sensitive API key.
  • [EXTERNAL_DOWNLOADS]: The configuration in .claude/settings.local.json permits pip3 install, which allows the agent to download and install arbitrary, unversioned software from the internet at runtime. It also allows WebFetch from several third-party domains (e.g., myplace.app, artofwifi.net) that are not recognized as trusted vendors.
  • [DATA_EXFILTRATION]: The skill has comprehensive access to network topology, connected client data, and firewall configurations. Combined with the ability to execute network requests via Python and Curl to external domains, this creates a high risk of sensitive data exfiltration.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 11, 2026, 07:15 PM