subnet-calculator

Warn

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill dynamically constructs and executes shell commands by referencing environment variables ($MCP_CALL, $SUBNET_MCP_SCRIPT, and $PYATS_MCP_SCRIPT). This pattern relies on external environment configuration for executable paths.
      • Evidence: Found in SKILL.md within tool definitions and usage scenarios, such as python3 $MCP_CALL "python3 -u $SUBNET_MCP_SCRIPT" subnet_calculator '{"cidr":"10.0.0.0/8"}'.
  • [COMMAND_EXECUTION]: User-supplied data (the cidr parameter) is interpolated directly into a shell command string. If the agent does not strictly validate or escape this input, it presents a potential command injection surface.
      • Evidence: The tool execution pattern '{"cidr":"<user_input>"}' places external data inside a JSON string that is then passed as an argument to a shell command.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 18, 2026, 04:21 PM