Skill details (on-site mirror, no comments)
Author: Aanish Bhirud @baanish
License: MIT-0
MIT-0 · Free to use, modify, and redistribute. No attribution required.
Version: v2.0.1
Stats: ⭐ 2 · 1.9k · 9 current installs · 9 all-time installs
🛡 VirusTotal: Benign · OpenClaw: Suspicious
Package:baanish/pihole
Security scan (ClawHub)
- VirusTotal: Benign
- OpenClaw: Suspicious
OpenClaw assessment
The skill's stated purpose (controlling a local Pi‑hole via its v6 API) matches its instructions, but there are configuration/manifest mismatches and a privilege concern: the agent can autonomously invoke a skill that can toggle network ad‑blocking.
Purpose
Name and SKILL.md describe Pi‑hole v6 control and the documented API calls match that purpose. However the registry metadata lists no required binaries or env vars while the SKILL.md explicitly requires curl and jq and documents PIHOLE_API_URL/PIHOLE_API_TOKEN/PIHOLE_INSECURE — a manifest mismatch that should be corrected.
Instruction scope
Runtime instructions are narrowly scoped to calling Pi‑hole API endpoints (auth, status, enable/disable, stats, queries). They do not instruct reading unrelated files or exfiltrating data. Note: the SKILL.md documents an 'insecure' option that adds curl -k (bypassing TLS verification) which reduces transport security when used.
Install mechanism
This is instruction-only with no install spec, so nothing is written to disk by an installer. That lowers risk. There is one shell script (pihole.sh) included — you should inspect it before enabling the skill.
Credentials
The skill uses a Pi‑hole API token and URL (documented in SKILL.md and as environment variables or Clawdbot config), but the registry metadata declares no required environment variables. The skill appropriately needs only the Pi‑hole credentials, but the manifest should list them explicitly. Also confirm how the included pihole.sh handles the token (environment variable vs command line) because command‑line embedding could expose secrets via p…
Persistence
The skill does not set disableModelInvocation and is therefore callable by the model autonomously. Because the skill can enable/disable network ad‑blocking (a disruptive network control), allowing the model to trigger it without explicit user invocation is a meaningful risk. Consider requiring explicit user invocation or setting disableModelInvocation.
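Install (copy to Lobster AI)
Copy the entire passage below into a Lobster Chinese Library conversation, and Lobster will complete the installation following SKILL.md.
Please hand this passage to Lobster Chinese Library (Lobster AI) to execute: install the OpenClaw skill "Pi-hole Control" on this machine. Summary: Control Pi-hole v6 DNS ad blocker: check status, view stats, enable/disable blo….
Please fetch the following URL to read SKILL.md and complete the installation as documented: https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/baanish/pihole/SKILL.md
(Source: yingzhi8.cn skill library)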
SKILL.md
No locally cached content yet; a detail sync can be run from the admin backend.