← Back to Skills Marketplace
charllesvale

Mikrotik Routeros

by charllesvale · GitHub ↗ · v2.0.5 · MIT-0
cross-platform ⚠ suspicious
134
Downloads
0
Stars
0
Active Installs
7
Versions
Install in OpenClaw
/install mikrotik-routeros-isp
Description
Expert-level management of MikroTik RouterOS devices and VSOL GPON OLTs via SSH or RouterOS API (port 8728/8729) and REST API (port 80/443). Use this skill w...
Usage Guidance
Things to check before installing or running this skill: - Verify metadata: confirm the skill registry entry matches SKILL.md (required binaries and env vars). If the registry lists no required env vars but SKILL.md does, the UI may not prompt you correctly for credentials. - Audit local-file access: the bundled Python client will read ~/.openclaw/workspace/TOOLS.md to discover devices. Remove any plaintext passwords from that file or avoid storing credentials there. Prefer SSH keys (MIKROTIK_KEY) and set passwords only in a secure secret store/environment variables when needed. - Vet third‑party code: the references and scripts instruct fetching code from https://rsc.eworm.de and advise installing eworm scripts on routers. Review those scripts yourself before importing them into production routers—they run with router privileges. - Host modifications: SKILL.md suggests 'pip3 install --break-system-packages' and using sshpass. Only run these commands in a controlled environment (container or CI runner) if you understand implications for the host OS package management. - Least privilege: create a management account on devices with only the permissions the automation needs (avoid full admin if possible), and restrict RouterOS API/SSH access to management subnets. - Operational caution: when the skill proposes destructive commands (reboot, remove, change firewall), require explicit confirmation. Consider running in read/diagnose-only mode first. If you cannot review the external scripts (rsc.eworm.de, Evolution API examples) and you cannot guarantee TOOLS.md/ENV secrecy, treat this integration as higher risk and do not install it on sensitive systems until vetted.
Capability Analysis
Type: OpenClaw Skill Name: mikrotik-routeros-isp Version: 2.0.5 The skill bundle provides comprehensive ISP management tools but includes high-risk patterns, most notably the automated fetching and execution of remote scripts. In 'references/eworm-scripts.md', instructions are provided to download and run RouterOS scripts directly from 'rsc.eworm.de', which functions as a 'curl|bash' equivalent for network infrastructure. Additionally, 'scripts/mikrotik_api.py' is designed to read and parse the 'TOOLS.md' file within the OpenClaw workspace to extract device credentials. While these capabilities are aligned with the stated purpose of advanced ISP automation, the combination of remote code execution and broad workspace file access for secrets poses a significant security risk.
Capability Tags
cryptorequires-walletrequires-sensitive-credentials
Capability Assessment
Purpose & Capability
The SKILL.md, reference docs, and code files align with the stated purpose (MikroTik RouterOS and VSOL OLT management). However the registry metadata you provided lists no required binaries or env vars while the included SKILL.md explicitly declares required binaries (ssh, sshpass) and several env vars (MIKROTIK_HOST, MIKROTIK_USER, MIKROTIK_PASS, MIKROTIK_KEY, OLT_*). That metadata mismatch is an inconsistency you should resolve before trusting automated installs or UI prompts.
Instruction Scope
The runtime instructions and the included Python script deliberately read local user config (~/.openclaw/workspace/TOOLS.md) to find device credentials and also instruct fetching third‑party RouterOS scripts (rsc.eworm.de) into devices. Reading TOOLS.md and using env vars is reasonable for device automation, but it exposes credentials if passwords are stored there. The skill also instructs running pip3 with --break-system-packages and using sshpass if keys are unavailable—both broaden the agent's actions on the host. The skill does not appear to exfiltrate data itself, but it gives the agent discretion to read local credential files and to fetch/execute third‑party code on managed devices.
Install Mechanism
There is no platform-level install spec — the skill is instruction-plus-code and will not automatically download/execute packages on the hosting machine. That is lower risk than an installer that pulls arbitrary binaries. Still, SKILL.md instructs operators to run 'pip3 install --break-system-packages routeros-api' and to fetch scripts from rsc.eworm.de into routers. Those are explicit supply‑chain actions you must audit before performing; the skill itself bundles a small pure‑Python RouterOS client (scripts/mikrotik_api.py) rather than depending solely on the pip package.
Credentials
The env vars required by the SKILL.md (MIKROTIK_HOST/USER/PASS/KEY and optional OLT credentials) are appropriate for a network management skill. However: (1) the registry metadata previously shown lists none, an inconsistency that could hide prompts or required secrets at install time; (2) the included Python script reads TOOLS.md (~/.openclaw/workspace/TOOLS.md) and will parse stored device entries, potentially using plaintext passwords found there. If TOOLS.md contains passwords, the script warns but will still return them. Requesting host-level credentials is proportionate only if the operator knows these are needed and stores them safely (SSH keys or ephemeral secrets).
Persistence & Privilege
always:false and no install hook were declared — the skill is not force-included and does not request persistent platform privileges. It does instruct adding scheduler entries and scripts on remote RouterOS devices (normal for device management), but it does not appear to modify other skills or agent-wide configuration. Note: the skill can be invoked autonomously by default (disable-model-invocation is false); autonomous invocation combined with broad credential access would increase risk, but here the skill does not request unrelated platform secrets.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install mikrotik-routeros-isp
  3. After installation, invoke the skill by name or use /mikrotik-routeros-isp
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v2.0.5
- Skill renamed from `mikrotik-routeros-isp` to `mikrotik-routeros-isp-br`. - Updated TOOLS.md instructions to recommend storing SSH key paths instead of passwords. - Added a security notice: plaintext passwords should never be kept in TOOLS.md. - Minor clarifications and rewording in the documentation; no logic changes. - No changes to functional code detected.
v2.0.4
Prefer SSH key auth, declare env vars and external URLs, security improvements
v2.0.3
Fix example hosts to MikroTik default 192.168.88.1
v2.0.2
PCC dual-WAN load balance, OSPF watchdog
v2.0.1
Added PCC dual-WAN, OSPF watchdog, RADIUS fixes, GenieACS auth from protocol.be
v2.0.0
RouterOS API REST ref, Python client, multi-device, eworm-de scripts complete catalog
v1.0.0
Initial release — provides expert management of MikroTik RouterOS and VSOL/GPON OLT devices for ISP infrastructure. - Supports SSH-based configuration and diagnostics for MikroTik RouterOS and VSOL GPON OLT. - Guides on safe device management: always backs up configs and requires confirmation for changes. - Covers workflows for PPPoE, CGNAT, RADIUS, OSPF, BGP, VLAN, VRRP, and failover automation. - Includes best practices, safety warnings, and troubleshooting references directly in skill documentation.
Metadata
Slug mikrotik-routeros-isp
Version 2.0.5
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 7
Frequently Asked Questions

What is Mikrotik Routeros?

Expert-level management of MikroTik RouterOS devices and VSOL GPON OLTs via SSH or RouterOS API (port 8728/8729) and REST API (port 80/443). Use this skill w... It is an AI Agent Skill for Claude Code / OpenClaw, with 134 downloads so far.

How do I install Mikrotik Routeros?

Run "/install mikrotik-routeros-isp" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Mikrotik Routeros free?

Yes, Mikrotik Routeros is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Mikrotik Routeros support?

Mikrotik Routeros is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Mikrotik Routeros?

It is built and maintained by charllesvale (@charllesvale); the current version is v2.0.5.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463815 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259802 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200680 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191345 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190333 · by oswalpalash

💬 Comments