mqtt

Implement MQTT messaging avoiding security, QoS, and connection management pitfalls.

By modbender. Updated 3/6/2026

name: MQTT
description: Implement MQTT messaging avoiding security, QoS, and connection management pitfalls.
metadata: {"clawdbot":{"emoji":"📡","os":["linux","darwin","win32"]}}

Security Traps

  • Default Mosquitto allows anonymous connections — bots scan constantly, always configure auth
  • TLS is mandatory for external access — credentials travel in plaintext otherwise
  • Duplicate client IDs cause connection fights — the broker drops the existing session whenever the other client reconnects, so the two keep kicking each other off
  • ACLs should restrict topic access — one compromised device shouldn't be able to read all topics

QoS Misunderstandings

  • Effective QoS is the minimum of the publisher's and subscriber's QoS — the broker downgrades delivery if the subscriber requested a lower level
  • QoS 1 may duplicate messages — handlers must be idempotent
  • QoS 2 has significant overhead — only use it for commands where duplicates cause problems
  • QoS applies per message — levels can be mixed within the same topic

Topic Design Pitfalls

  • Starting with / creates an empty first level — home/temp not /home/temp
  • Wildcards only work in subscriptions — can't publish to home/+/temperature
  • # matches everything including nested levels — home/# gets home/a/b/c/d
  • Some brokers limit topic depth — check before designing deep hierarchies
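As an added example (not part of the skill file), the following Python implements the MQTT 3.1.1 topic-filter matching and effective-QoS rules described in the QoS and topic sections above, so a subscription, publish topic or ACL entry can be checked offline before it reaches a broker; the sample topics in the helper calls are constructed.

```python
def split_levels(topic: str) -> list[str]:
    # A leading "/" yields an empty first level: "/home/temp" -> ["", "home", "temp"]
    return topic.split("/")


def validate_publish_topic(topic: str) -> None:
    # Wildcards are legal only in subscription filters; a publish topic must be literal
    if not topic:
        raise ValueError("publish topic must not be empty")
    if "+" in topic or "#" in topic:
        raise ValueError(f"wildcards are not allowed in a publish topic: {topic!r}")


def validate_filter(filter_: str) -> None:
    levels = split_levels(filter_)
    for i, level in enumerate(levels):
        if level == "#" and i != len(levels) - 1:
            raise ValueError("'#' may only appear as the last level")
        if ("#" in level or "+" in level) and len(level) != 1:
            raise ValueError("a wildcard must occupy a whole level")


def filter_matches(filter_: str, topic: str) -> bool:
    """Return True if a subscription to filter_ would receive a message published on topic."""
    validate_filter(filter_)
    f_levels, t_levels = split_levels(filter_), split_levels(topic)
    # Topics starting with "$" (e.g. $SYS/...) are never matched by a leading wildcard,
    # so a bare "#" does not see broker metrics; "$SYS/#" is needed for that.
    if t_levels[0].startswith("$") and f_levels[0] in ("+", "#"):
        return False
    for i, level in enumerate(f_levels):
        if level == "#":
            # "#" matches the parent level itself and every nested level below it
            return True
        if i >= len(t_levels) or (level != "+" and level != t_levels[i]):
            return False
    return len(f_levels) == len(t_levels)


def effective_qos(publish_qos: int, subscribe_qos: int) -> int:
    # The broker delivers at the lower of the two: a QoS 2 publish reaches a QoS 0 subscriber at QoS 0
    return min(publish_qos, subscribe_qos)


def filters_exposing(granted_filters: list[str], topic: str) -> list[str]:
    # ACL review helper: which of a client's allowed subscription filters would reach this topic?
    return [f for f in granted_filters if filter_matches(f, topic)]
```

Running `filters_exposing(["devices/+/status", "#", "home/#"], "home/secure/door")` shows which ACL grants are wider than intended; here both `#` and `home/#` would deliver the door topic.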

Connection Management

  • Clean session false preserves subscriptions — messages queue while the client is disconnected, which can surprise on reconnect
  • Too long a keep-alive delays dead-client detection — 60s is a reasonable default
  • Reconnection logic is the client's responsibility — most libraries don't auto-reconnect by default
  • The will message only fires on an unexpected disconnect — a clean disconnect doesn't trigger it

Retained Message Traps

  • Retained messages persist until explicitly cleared — old data confuses new subscribers
  • Clear a retained message by publishing an empty payload with the retain flag set — not obvious from the docs
  • Birth/will pattern: publish "online" retained on connect, the will publishes "offline"

Mosquitto Specifics

  • persistence true survives restarts — without it, retained messages and subscriptions are lost
  • max_queued_messages prevents memory exhaustion — one slow subscriber shouldn't crash the broker
  • listener 1883 0.0.0.0 binds all interfaces — use 127.0.0.1 for local-only

Debugging

  • Subscribing to # sees all traffic — never in production, it leaks everything
  • $SYS/# exposes broker metrics — client count, bytes, subscriptions
  • Retained messages persist after fixing issues — explicitly clear them
  • mosquitto_sub -v shows the topic with the message — essential for debugging

Install via CLI

npx skills add https://github.com/modbender/skill-library-mcp --skill mqtt

Repository Details

Stars: 8
Forks: 2
Branch: main
Path: SKILL.md