nautobot-sot

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS
Full Analysis
  • [SAFE]: The skill defines a set of read-only tools designed to interface with the Nautobot API for network source-of-truth queries. All functionality is focused on data retrieval without administrative or destructive capabilities.
  • [EXTERNAL_DOWNLOADS]: References the aiopnet/mcp-nautobot GitHub repository as the source for the underlying MCP server implementation. This is documented as a legitimate dependency for the skill's operation.
  • [CREDENTIALS_UNSAFE]: Appropriately utilizes environment variables (NAUTOBOT_URL and NAUTOBOT_TOKEN) for API authentication. No hardcoded secrets or sensitive credentials were found in the skill definitions.
  • [PROMPT_INJECTION]: The skill handles data from an external source (Nautobot), creating a theoretical surface for indirect prompt injection. However, since all tools are restricted to read-only API calls and lack capabilities for system modification or further network exfiltration, the risk is negligible.
    • Ingestion points: Data enters the agent context via Nautobot API responses in tools like get_ip_addresses and search_ip_addresses (SKILL.md).
    • Boundary markers: None explicitly defined to delimit external data from instructions.
    • Capability inventory: Tools are restricted to read-only HTTP requests via the MCP server; no subprocess execution, file-writing, or external network-send capabilities are present.
    • Sanitization: No specific sanitization of external data is noted in the markdown, but functionality is limited by the API's read-only scope.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 18, 2026, 06:12 AM